As much of the world slowly comes back online following the outage caused by cybersecurity giant CrowdStrike, which led to a global travel and business lockdown, malicious actors are trying to exploit the situation for their own gain.
US cybersecurity agency CISA said on Friday that the CrowdStrike outage was not linked to a cyberattack or malicious activity, but that it had observed “threat actors exploiting the incident for phishing and other malicious activities.”
Don’t Open Suspicious Links
CISA warned individuals to “avoid clicking on phishing emails or suspicious links that could lead to email compromise and other scams.”
It is common for malicious actors to exploit chaotic situations to launch cyberattacks, particularly through campaigns that are easy to create and quickly customize, such as phishing via email or text messaging.
Scammers Launch Phishing Campaign
A security researcher at X (formerly Twitter) said malicious actors were sending phishing emails using various domains imitating CrowdStrike. One of the emails claimed that the recipient could “solve the CrowdStrike apocalypse” if they paid a fee of several hundred euros to a random crypto wallet.
In reality, the only solutions that work are to either repeatedly reboot the affected computers and hope they stay on long enough for the newly patched update to download and install, or to manually remove the faulty file from each affected computer.
Scammers Turn Outages Into Opportunities
Social engineering expert Rachel Tobac, founder and president of cybersecurity firm SocialProof Security, said in a series of posts on X that criminals will use the outages as an excuse to trick victims into giving up their passwords and other sensitive codes.
“Remember: Verify that people are who they say they are before taking any sensitive actions,” Tobac said.
Early Friday morning, a faulty software update released by CrowdStrike caused numerous Windows computers running the company’s anti-malware and security software to crash. CrowdStrike said the bug had been fixed but warned that manually patching each affected computer could lead to extended outages.
CISA said it is working closely with its critical infrastructure and international partners, as well as CrowdStrike and federal, state, local, tribal and territorial partners, to help resolve the issues.