As CISA much of the world slowly gets back online after an outage caused by cybersecurity giant CrowdStrike led to global travel and business gridlock, malicious actors are also trying to exploit the situation for their own gain.
Malicious Activity Exploiting the Outage
U.S. cybersecurity agency CISA said in a statement Friday that though. The CrowdStrike outage was not linked to a cyberattack or malicious activity. It has “observed threat actors taking advantage of this incident for phishing and other malicious activity.”
Phishing and Scams
CISA warned individuals to “avoid clicking on phishing emails or suspicious links. Which can lead to email compromise and other scam. It’s not uncommon for malicious actors to exploit chaotic situations to carry out cyberattacks, especially campaigns. That can be easily created and customized at short notice, like email or text phishing.
Examples of Phishing Attempts
One security researcher on X, formerly Twitter, said malicious actors were already sending phishing emails using a variety of domains that impersonate CrowdStrike. One of the emails posted falsely claimed it could “fix the CrowdStrike apocalypse” if the recipient paid a fee worth several hundred euros to a random crypto wallet.
Real Fixes for the CrowdStrike Bug
In reality, the only working fixes are either to repeatedly restart affected computers. The hope that they stay on long enough. The newly fixed update to download and install, or manually removing the defective file from every bricked computer.
Social Engineering Risks
Social engineering expert Rachel Tobac, who founded and heads cybersecurity firm SocialProof Security, said in a series of posts on X that criminals will also use the outage as cover to trick victims into handing over passwords and other sensitive codes.
Verification Best Practices
“Remember: verify people are who they say they are before taking sensitive actions,” Tobac said.
Background on the Outage
As a result of an update that was flawed in some way by CrowdStrike early on Friday morning. A large number of Windows computers were disabled by its antivirus and malware protection software. The bug has been remedied according to CrowdStrike; however, it cautioned that each affected computer may have to be repaired manually, resulting in long-standing outages.
CISA’S Attempts To Diminish the Effect
Accordingly, CISA said it was “working closely with CrowdStrike and federal, state, local, tribal and territorial partners,” as well as critical infrastructure and its international partners to help with fixes.
