Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices
Cybercriminals are wasting no time in exploiting the chaos created by the CrowdStrike outage.
Within a day of the global outage linked to a faulty CrowdStrike software update that left Windows systems displaying the dreaded “blue screen of death,” cybercriminals launched deceptive websites with domain names that include keywords such as “CrowdStrike” and “blue screen.” The attackers are hoping to attract unsuspecting users searching for IT fixes for the outage, according to CISA, other government agencies and security researchers.
These fake sites often promise quick fixes or falsely offer cryptocurrency rewards to lure visitors into accessing malicious content.
George Kurtz, CEO of CrowdStrike, emphasized the importance of using official communication channels, urging customers to be wary of imposters. “Our team is fully mobilized to secure and stabilize our customers’ systems,” Kurtz said, noting the significant increase in phishing emails and phone calls impersonating CrowdStrike support staff.
Imposters have also posed as independent researchers selling fake recovery solutions, further complicating efforts to resolve the outage.
Rachel Tobac, founder of SocialProof Security, warned about social engineering threats in a series of tweets on X, formerly Twitter. “Criminals are exploiting the outage as cover to trick victims into handing over passwords and other sensitive codes,” Tobac warned.
She advised users to verify the identity of anyone requesting sensitive information.
The surge in cybercriminal activity in the wake of the outage follows a familiar pattern: criminals exploit chaotic situations when victims are hurried and less careful. SentinelOne, a cybersecurity firm, reported seeing threat actors use social engineering, phishing attempts, credential theft, deepfake video and voice calls, and false information to capitalize on the outage.
CISA said it is working closely with CrowdStrike and federal, state, and international partners to address the crisis. In a statement, CISA reiterated the importance of avoiding phishing emails and suspicious links, which can lead to email compromise and other scams.
The UK’s National Cyber Security Centre also warned about an increase in phishing attacks. “Note that an increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation,” the agency said.
Cyber campaigns may be aimed at both organizations and individuals. Organizations should review NCSC guidance to make sure that multi-layer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for.
“While the CrowdStrike outage was not caused by a cyberattack, threat actors are capitalizing on the incident to conduct phishing and other malicious activities,” CISA said.
The deceptive domains, including names like crowdstriketoken.com, crowdstrikedown.site, and crowdstrike-helpdesk.com, have already emerged, targeting individuals desperate to restore their systems. The urgency created by the outage has made potential victims more susceptible to scams.
CrowdStrike issued guidance to affected organizations, emphasizing the importance of communicating with official representatives and adhering to technical advice provided by their support teams. The company has also published a list of fraudulent domains to help users identify and avoid potential scams.
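The domains named above share a simple trait: the vendor’s name or an outage-related keyword inside a registrable domain that the vendor does not own. A defender can turn that trait into a cheap first-pass detection over DNS or web-proxy logs. The following script is an added example written for this article, not code from CISA, CrowdStrike or any vendor: it flags hosts whose name contains an outage keyword but which are not on an allowlist of legitimate vendor domains. The log format, the client addresses, the timestamps and the domains bluescreen-fix.net and example.com are constructed; the other flagged domains are the ones this article reports. The allowlist (only crowdstrike.com and its subdomains) is an assumption to be replaced with the domains your own environment treats as legitimate.

```python
import re
from dataclasses import dataclass

# Assumption: the vendor's legitimate domains. Extend for your environment.
ALLOWLIST = {"crowdstrike.com"}

# Keywords seen in opportunistic domain registrations after the outage.
# Hyphens are stripped from hostnames before matching, so "crowdstrike-helpdesk"
# and "blue-screen" still match. "bsod" is an added assumption.
KEYWORDS = ("crowdstrike", "bluescreen", "bsod")

# Constructed sample log lines (DNS queries and proxy URL fetches), not real data.
SAMPLE_LOG = [
    "2024-07-19T14:02:11Z client=10.0.5.23 query=crowdstriketoken.com type=A",
    "2024-07-19T14:02:15Z client=10.0.5.23 query=falcon.crowdstrike.com type=A",
    "2024-07-19T14:03:40Z client=10.0.7.8 url=https://crowdstrike-helpdesk.com/fix.exe",
    "2024-07-19T14:04:02Z client=10.0.7.8 url=https://www.crowdstrike.com/blog/",
    "2024-07-19T14:05:19Z client=10.0.9.1 query=crowdstrikedown.site type=A",
    "2024-07-19T14:06:00Z client=10.0.9.1 query=bluescreen-fix.net type=A",
    "2024-07-19T14:06:30Z client=10.0.9.1 query=example.com type=A",
]


@dataclass
class Finding:
    host: str
    matched_keyword: str
    line: str


def extract_host(line):
    """Pull the queried or fetched hostname out of one log line, or None."""
    m = re.search(r"\b(?:query|url)=(\S+)", line)
    if not m:
        return None
    value = re.sub(r"^https?://", "", m.group(1))
    # Drop any path and port; lowercase for consistent comparison.
    return value.split("/")[0].split(":")[0].rstrip(".").lower()


def is_allowlisted(host):
    """True only for an allowlisted domain or a proper subdomain of one.

    A suffix check on ".crowdstrike.com" is used deliberately: a substring
    check would wrongly accept lookalikes such as crowdstrike.com.evil.example.
    """
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)


def suspicious_keyword(host):
    """Return the first outage keyword found in the hostname, else None."""
    compact = host.replace("-", "")
    for kw in KEYWORDS:
        if kw in compact:
            return kw
    return None


def scan(lines):
    """Return a Finding for every non-allowlisted host carrying a keyword."""
    findings = []
    for line in lines:
        host = extract_host(line)
        if host is None or is_allowlisted(host):
            continue
        kw = suspicious_keyword(host)
        if kw:
            findings.append(Finding(host=host, matched_keyword=kw, line=line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"SUSPECT host={f.host} keyword={f.matched_keyword} :: {f.line}")
```

The allowlist must be checked as a domain suffix, never as a substring, otherwise a registration that merely embeds the vendor’s domain as a leading label would slip through. In production the keyword list would be joined with the vendor’s published list of fraudulent domains as an exact-match blocklist, and hits would be reviewed rather than auto-blocked, since legitimate third-party sites discussing the outage will also match.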
As the global tech community works to recover from the disruption, the collaborative efforts between CISA, CrowdStrike, and other cybersecurity partners aim to mitigate the impact of these malicious activities.
Users are urged to remain vigilant, verify the authenticity of any communications related to the outage and rely on trusted sources for guidance.