Watch out for emails that claim to come from CrowdStrike. Hackers have been quick to exploit Friday’s massive IT outage by posing as the cybersecurity company behind the disruption. The US Cybersecurity and Infrastructure Security Agency (CISA) and UK National Cyber Security Centre issued alerts warning about phishing emails attempting to capitalize on the chaos. “An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organizations and individuals,” the UK agency said. The US-based SANS Technology Institute, which promotes cybersecurity, issued a similar warning. “Some reports we have seen indicate that there may be phishing emails circulating claiming to come from ‘Crowdstrike Support’ or ‘Crowdstrike Security,’” wrote Johannes Ullrich, the dean of research at the institute. “I do not have any samples at this point, but attackers are likely leveraging the heavy media attention. Please be careful with any ‘patches’ that may be delivered this way,” he added. “One domain possibly associated with these phishing attacks is: crowdfalcon-immed-update [.] com.”The outage represents a ripe opportunity for cybercriminals since it’s affecting numerous companies, including airlines. In total, CrowdStrike has about 29,000 enterprise customers — many of which are likely scrambling to resolve Friday’s disruption
This Tweet is currently unavailable. It might be loading or has been removed.
CrowdStrike has issued an advisory on how companies and individual users can restore affected Windows systems, which has been sourced to a faulty software update. Nevertheless, phishing emails dressed up to look like the cybersecurity vendor could trick customers desperate for help.
Recommended by Our Editors
The Texas Department of Information Resources added that’s it’s been “receiving reports that bad actors are impersonating CrowdStrike employees to gain access credentials.”Some cybersecurity researchers have also spotted someone registering several internet domains using the names such as “crowdstrikebluescreen[.]com,” and “crowdstrike0day[.]com” — a sign that hackers are preparing to create numerous scam websites to exploit the outage.
This Tweet is currently unavailable. It might be loading or has been removed.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
