(Photo by Karl-Josef Hildenbrand/picture alliance via Getty Images)
UPDATE: CrowdStrike has also spotted cybercriminals using the outage as bait to hack prospective targets. This includes "impersonating CrowdStrike staff in phone calls," and "posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack."
The company's blog post lists several malicious domains that the hackers have been using.
Original story:
Watch out for emails that claim to come from CrowdStrike. Hackers have been quick to exploit Friday’s massive IT outage by posing as the cybersecurity company behind the disruption.
The US Cybersecurity and Infrastructure Security Agency (CISA) and UK National Cyber Security Centre issued alerts warning about phishing emails attempting to capitalize on the chaos.
"An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organizations and individuals," the UK agency said.
The US-based SANS Technology Institute, which promotes cybersecurity, issued a similar warning. “Some reports we have seen indicate that there may be phishing emails circulating claiming to come from ‘Crowdstrike Support’ or ‘Crowdstrike Security,’” wrote Johannes Ullrich, the dean of research at the institute.
“I do not have any samples at this point, but attackers are likely leveraging the heavy media attention. Please be careful with any ‘patches’ that may be delivered this way,” he added. “One domain possibly associated with these phishing attacks is: crowdfalcon-immed-update [.] com.”
The outage represents a ripe opportunity for cybercriminals since it's affecting numerous companies, including airlines. In total, CrowdStrike has about 29,000 enterprise customers — many of which are likely scrambling to resolve Friday’s disruption
This Tweet is currently unavailable. It might be loading or has been removed.
CrowdStrike has issued an advisory on how companies and individual users can restore affected Windows systems, which has been sourced to a faulty software update. Nevertheless, phishing emails dressed up to look like the cybersecurity vendor could trick customers desperate for help.
The Texas Department of Information Resources added that's it's been "receiving reports that bad actors are impersonating CrowdStrike employees to gain access credentials."
Some cybersecurity researchers have also spotted someone registering several internet domains using the names such as “crowdstrikebluescreen[.]com,” and “crowdstrike0day[.]com” — a sign that hackers are preparing to create numerous scam websites to exploit the outage.
This Tweet is currently unavailable. It might be loading or has been removed.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
Read the latest from Michael Kan
- Elon Musk: Cellular Starlink Will Only Be Exclusive on T-Mobile for the First Year
- FCC Rejects Citizen Effort to Revive $886M in Funding for SpaceX's Starlink
- Windows 11 Dethrones Windows 10 to Become New King of PC Gaming
- Musk's xAI Supercomputer Goes Online With 100,000 Nvidia GPUs
- Tom Hanks Is Promoting a Cure for Diabetes? Nope, It's an AI-Powered Scam
- More from Michael Kan
