Security firm CrowdStrike unintentionally caused chaos around the world on Friday when it applied a flawed software update to its Falcon monitoring platform that rendered Windows computers running the product inoperable. The effects of the incident are expected to take days to resolve, and the company is warning that while system administrators and IT staff work to fix things, another threat is looming: predatory digital scams aimed at exploiting the crisis.
Researchers began warning on Friday afternoon that attackers were registering domain names and starting to set up websites and other infrastructure to carry out “CrowdStrike Support” scams targeting the company’s customers and anyone else who may be affected by the disruptions. CrowdStrike researchers also warned about this activity. On Friday, the company published a list of domains that appear to have been registered to impersonate the company.
“We know that adversaries and bad actors will try to exploit events like this,” CrowdStrike founder and CEO George Kurtz wrote in a statement. “We urge everyone to remain vigilant and get in touch with official CrowdStrike representatives. Our blog and technical support will continue to serve as official channels for updates.”
Attackers inevitably use globally prominent events or topical issues in particular regions to trick people into sending them money, to steal credentials for targeted accounts, or to compromise victims with malware.
“Threat actors will always try to capitalize on major events,” says Brett Callow, managing director of cybersecurity and data privacy communications at FTI Consulting. “Any time an organization experiences an incident, customers and business partners need to be prepared for it.”
While most individuals are not personally responsible for dealing with CrowdStrike-related computer outages, this incident could be exploited because some IT professionals working on repairs may be desperate for a solution. In most cases, repairing affected computers would require booting and fixing each computer individually, which can be a time-consuming and logistically challenging process. And for small business owners who don’t have access to extensive IT expertise, this challenge can be especially daunting.
Researchers, including from CrowdStrike’s intelligence division, have previously observed attackers sending phishing emails and making phone calls posing as CrowdStrike support staff, and selling software tools that claim to automate the process of recovering from the faulty software update. Some attackers have posed as researchers and claimed to have special information vital to recovery, or have claimed that the situation is actually the result of a cyberattack, which it is not.
CrowdStrike stresses that customers should ensure they are communicating with legitimate company staff and should only trust the company’s official corporate communications.
“It helps to quickly warn employees of potential risks,” Callow said of how CrowdStrike customers should work to protect themselves. “If you’re warned in advance, you can prepare in advance.”