Cybercriminals are capitalizing on the recent global tech outage caused by a faulty CrowdStrike software update by setting up fake websites designed to exploit those seeking solutions or information about the incident. According to the US government and cybersecurity experts, these fraudulent sites are created to harvest visitors’ personal information or compromise their devices.
The malicious sites often use domain names that include terms like “CrowdStrike” or “blue screen,” which relate to the symptoms of the CrowdStrike glitch. They attempt to lure victims with promises of quick fixes or offers of fake cryptocurrency. The Department of Homeland Security has reported an uptick in phishing and other malicious activities exploiting the situation.
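The naming pattern described above can be turned into a triage check over DNS query logs. The following is an added example, not part of the original article: the log line format, the sample queries, and the choice of crowdstrike.com as the only allowlisted zone are assumptions made for illustration.

```python
import re

LURE_TERMS = ("crowdstrike", "bluescreen")   # terms named in the article
OFFICIAL_ZONES = ("crowdstrike.com",)        # assumption: sole allowlisted zone

def is_official(domain):
    """True only for an allowlisted zone or a genuine subdomain of one."""
    return any(domain == z or domain.endswith("." + z) for z in OFFICIAL_ZONES)

def lure_term(qname):
    """Return the lure term found in a non-official domain, else None."""
    domain = qname.lower().rstrip(".")
    if is_official(domain):
        return None
    # Collapse "blue-screen", "blue.screen", "blue_screen" to "bluescreen".
    squashed = re.sub(r"[^a-z0-9]", "", domain)
    return next((t for t in LURE_TERMS if t in squashed), None)

def scan_dns_log(lines):
    """Return (client, domain, term) for each query that hits a lure term.

    Input lines are '<timestamp> <client_ip> <qname>' (a constructed format);
    malformed lines are skipped.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        _, client, qname = parts
        term = lure_term(qname)
        if term:
            hits.append((client, qname.lower().rstrip("."), term))
    return hits

# Constructed sample queries; none are indicators taken from the article.
SAMPLE_LOG = [
    "2024-07-20T09:01:12Z 10.0.4.17 www.crowdstrike.com.",
    "2024-07-20T09:01:40Z 10.0.4.17 crowdstrike-fix.example",
    "2024-07-20T09:02:03Z 10.0.7.22 blue-screen-help.example",
    "2024-07-20T09:02:31Z 10.0.7.22 crowdstrike.com.support.example",
    "2024-07-20T09:03:05Z 10.0.9.5 intranet.example",
    "malformed line",
]

if __name__ == "__main__":
    for client, domain, term in scan_dns_log(SAMPLE_LOG):
        print(f"{client} queried {domain} (matched '{term}')")
```

The allowlist compares on a label boundary, so a name that merely begins with the official domain, such as the fourth sample query, is still flagged.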
“Remain vigilant and only follow instructions from legitimate sources,” advised a bulletin from the Department’s Cybersecurity and Infrastructure Security Agency (CISA). CrowdStrike has also issued guidance for affected organizations and warned that hackers are not only creating fake websites but also impersonating CrowdStrike employees in scam emails and phone calls. Some have even distributed bogus software pretending to fix the glitch, with one example targeting Spanish-speaking customers through a malicious file named ‘crowdstrike-hotfix.zip’.
The CrowdStrike software glitch has resulted in significant operational disruptions, with recovery expected to be costly and lengthy. The company advises organizations to communicate through official channels and follow the technical guidance provided by CrowdStrike support teams.
This incident highlights a common pattern where high-profile events create opportunities for cybercriminals. For instance, after the Equifax data breach in 2017, there was a surge in phishing emails impersonating banks. Similarly, during the COVID-19 pandemic, scammers posed as government officials to exploit relief fund programs.
As organizations grapple with the CrowdStrike outage, they may inadvertently expose themselves to additional risks by weakening or disabling their cybersecurity measures. Cybersecurity researcher Azim Khodjibaev warned that such actions could leave organizations vulnerable to further attacks.
Brett Callow, managing director of cybersecurity practice at FTI Consulting, noted that the exploitation of current events by bad actors is a common tactic. “Customers of companies affected by high-profile incidents need to be especially vigilant and prepared for such attempts,” he said.
The ongoing situation underscores the need for heightened awareness and caution as organizations and individuals navigate the fallout from the CrowdStrike outage.