CISA Warns of Phishing Scams Exploiting CrowdStrike Outage Chaos

Published: Jul 23, 2024

Key Takeaways:

  • Cybercriminals are capitalizing on the disruption caused by CrowdStrike’s faulty update to target affected organizations.
  • CISA warned that hackers are deploying fraudulent domains to distribute malware and execute phishing attacks.
  • It’s highly recommended to avoid clicking on suspicious links or emails and to follow only instructions from legitimate sources to prevent further compromise.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that cybercriminals are seizing on the turmoil from the recent CrowdStrike outage to launch attacks on affected businesses. The agency says these threat actors are using malicious domains to distribute malware and compromise corporate networks.

Last week, cybersecurity firm CrowdStrike released a faulty update for its Falcon Sensor software that caused a major IT outage worldwide. Users reported that the update triggered “blue screen of death” (BSOD) errors on their Windows systems, affecting critical sectors such as airports, banks, hospitals, and government organizations. CrowdStrike has since rolled back the update and deployed a fix to address the BSOD bug on affected computers.

Microsoft reports that it has been collaborating with CrowdStrike to resolve the technical issue. The flawed update impacted approximately 8.5 million Windows devices, which is less than 1 percent of all Windows machines worldwide. System administrators estimate that recovery could take several days, and in some cases, potentially a week or more for larger organizations.

Phishing attacks surge following CrowdStrike outage

According to CISA, hackers are exploiting the CrowdStrike outage by using fake domains to impersonate the company and send phishing emails to affected customers. These phishing campaigns aim to steal personal information or compromise Windows devices. In some instances, the attackers even demand cryptocurrency payments for purported fixes. CISA advises users to avoid clicking on suspicious emails or links to protect against these scams and email compromise attacks.

“CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links,” CISA explained.

CISA is working closely with CrowdStrike, as well as federal, state, local, tribal, and territorial partners, to analyze and support remediation efforts. The federal agency is also collaborating with both private sector and government organizations to monitor and address any new malicious activity.
