Don’t be a victim of crowd strike outage scam
The CrowdStrike Cybersecurity Crisis: Predatory Scams in a Wall-Building Environment and their Implications
The security firm CrowdStrike inadvertently caused mayhem around the world on Friday after deploying a faulty software update to the company’s Falcon monitoring platform that bricked Windows computers running the product. Fallout from the incident will take days to resolve, and the company is warning that, as system administrators and IT staff work on remediation, another threat is looming: predatory digital scams attempting to capitalize on the crisis.
Researchers on Friday afternoon began warning that attackers are reserving domain names and starting to spin up websites and other infrastructure to run “CrowdStrike Support” scams targeting the company’s customers and anyone who might be impacted by the chaos. CrowdStrike’s own researchers also warned about the activity on Friday and published a list of domains seemingly registered to impersonate the company.
A faulty software update may have caused some systems to get stuck in a boot loop. Systems are showing an error message that says, “it looks like Windows didn’t load correctly,” while giving users the option to restart the PC. Many companies, including this airline in India, have resorted to the good old-fashioned way of doing things by hand.
Lukasz Olejnik is an independent cybersecurity researcher, consultant and author of the book Philosophy of Cybersecurity. There are plenty of single points of failure when it comes to the software industry.
How Do IT Systems Get Their Systems Up and Running? The Case of the CrowdStrike Data Retrieval Attack on CloudStrike
Although CrowdStrike has deployed a fix, getting things up and running won’t be a simple task. Olejnik tells The Verge that this issue could take “days to weeks” to resolve because IT administrators may have to have physical access to a device to get them working again. Depending on how large a company IT team is, how fast that happens may be different. Olejnik believes that the majority will be recovered even if some systems are unrecoverable.
CrowdStrike founder and CEO George Kurtz said they know adversaries and bad actors will try to exploit events like this. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
Attackers inevitably take advantage of prominent global events as well as topical issues in specific geographic areas to try to trick people into sending them money, steal target account credentials, or compromise victims with malware.
“Threat actors invariably attempt to capitalize on any major event,” says Brett Callow, managing director of cybersecurity and data privacy communications at FTI Consulting. Customers and business partners should be prepared for any incidents that might happen in the future.
Most individuals are not directly responsible for the CloudStrike incident, therefore it is ripe for exploitation because IT professionals could be desperate for solutions. It is a time consuming process to individually boot and correct affected computers in most cases. The challenge may be particularly daunting for small business owners who don’t have access to IT expertise.
Customers should only communicate with legitimate company staff members if they are certain they are communicating with an official from the company.
CloudStrike customers should work to defend themselves, says Callow, because of the speed with which employees are warned about potential risks. “Forewarned is forearmed.”