
As much of the world slowly comes back online after an outage at cybersecurity giant CrowdStrike paralyzed global travel and business, malicious actors are also trying to exploit the situation for their own gain.
The U.S. cybersecurity agency CISA said in a statement Friday that the CrowdStrike outage was not related to a cyberattack or malicious activity, but that “we have observed threat actors exploiting this incident for phishing and other malicious activity.”
CISA warns individuals to “avoid clicking on phishing emails or suspicious links,” as these can lead to email compromise and other scams.
It’s not uncommon for malicious actors to take advantage of confusing situations to launch cyberattacks, especially when it comes to campaigns that can be easily created and customized in a short period of time, such as email or text phishing.
A security researcher said on X (formerly Twitter) that malicious actors are already using various domains to send phishing emails impersonating CrowdStrike. One of the published emails falsely claimed that recipients could “fix the CrowdStrike apocalypse” by paying a fee of several hundred euros to a random cryptocurrency wallet.
In reality, the only effective solution is to either repeatedly restart the affected computer until the newly fixed update is downloaded and installed, or manually remove the defective file from all affected computers.
Rachel Tobac, a social engineering expert who founded and leads cybersecurity firm SocialProof Security, said in a series of posts on X that criminals will likely use the outage as cover to try to trick victims into handing over their passwords and other sensitive codes.
“Remember: Before taking any sensitive action, make sure people are who they say they are,” Tobac said.
Early Friday morning, a flawed software update from CrowdStrike caused hundreds of thousands of Windows computers running the company’s anti-malware and security software to crash. CrowdStrike said the bug had been fixed, but warned that it would require each affected computer to be manually updated, which could result in ongoing outages.
CISA said it is working closely with “CrowdStrike and federal, state, local, tribal, and territorial partners,” as well as critical infrastructure and international partners, on remediation efforts.









