23 Jul 2024


CrowdStrike Technical Outage Exploited by Cyber Criminals – Stay Vigilant!

On Friday 19 July, CrowdStrike released a sensor configuration update that triggered errors and system crashes in millions of Windows systems, causing major business outages worldwide [2][3]. CrowdStrike has assured users that the outage was not due to a cyberattack [2]. Reports have since surfaced indicating that malicious actors are swiftly capitalising on the disruption created by this technical issue [1][4].

Reports from cybersecurity experts and industry analysts suggest that cyber criminals are leveraging the outage window to launch phishing campaigns and other malicious activities. These efforts exploit emotions such as fear and urgency to manipulate users into making quick, uninformed decisions, bypassing users’ critical thinking and making fraudulent schemes more likely to succeed.

Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications. There have also been incidents where cyber criminals impersonated CrowdStrike staff in phone calls [1].

CrowdStrike has additionally noted instances where cyber criminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. They have offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem [1].

In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance. Users are encouraged to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support.

CrowdStrike has shared a list of domains impersonating CrowdStrike’s brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could support future social-engineering operations [1].

As CrowdStrike continues to restore full service functionality, the incident serves as a stark reminder of the evolving tactics used by cyber criminals. Organisations and individuals alike must remain vigilant, maintain updated security measures, and exercise caution in response to such incidents to mitigate potential risks effectively.

The swift and coordinated response from cybersecurity communities highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors.

[1] “Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers” – https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/

[2] “Technical Details: Falcon Content Update for Windows Hosts” – https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/

[3] “CrowdStrike Falcon flaw sends Windows computers into chaos worldwide” – https://cyberscoop.com/crowdstrike-falcon-flaw-microsoft-outage-flights-grounded-windows/

[4] “Widespread outages relating to CrowdStrike software update” – https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update

Written by Vishaka Wijekoon for AUSCERT