CrowdStrike Security Company accidentally caused chaos around the world next friday deploying a faulty software update to the company’s Falcon monitoring platform crashed Windows computers running the product. The fallout from the incident will take days to resolve, and the company is warning that as system administrators and IT staff work to fix it, another threat is lurking: predatory digital scams trying to capitalize on the crisis.
Researchers began warning Friday afternoon that attackers were taking over domain names and starting to create websites and other infrastructure to carry out “CrowdStrike Support” scams targeting the company’s customers and anyone else who might be affected by the chaos. CrowdStrike researchers also warned about the activity on Friday and released a list of domains that appear to have been registered to impersonate the company.
“We know that adversaries and bad actors will try to exploit events like this,” CrowdStrike founder and CEO George Kurtz Written in a statement. “I encourage everyone to remain vigilant and ensure you are interacting with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
Attackers will certainly take advantage Global Event Highlights as current affairs in specific geographic areas to trick people into sending money, steal target account information, or infect victims with malware.
“Threat actors are always looking to capitalize on any major event,” said Brett Callow, managing director of cybersecurity and data privacy communications at FTI Consulting. “Anytime an organization experiences an incident, it’s something that customers and business partners should be prepared for.”
While most individuals are not personally responsible for resolving computer problems related to CloudStrike, the issue is ripe for exploitation because some IT professionals who are troubleshooting the problem may be desperate for solutions. In most cases, fixing affected computers involves rebooting and repairing each computer individually—a process that can be time-consuming and logistically difficult. And for small business owners without access to extensive IT expertise, the challenge can be especially daunting.
Researchers, including those from CrowdStrike intelligence, have so far seen attackers send phishing emails or make phone calls pretending to be CrowdStrike support staff and sell software tools that claim to automate the recovery process after a faulty software update. Some attackers have also posed as researchers and claimed to have critical information for recovery—that the situation was actually the result of a cyberattack, when it wasn’t.
CrowdStrike emphasizes that customers should confirm that they are communicating with legitimate company personnel and only trust official company communications.
“It helps to have a quick warning for employees outlining potential risks,” Callow said of how CloudStrike customers should act to protect themselves. “Pre-warning is pre-preparedness.”
