Warning issued about phishing attacks post global tech outage

Industry experts have issued warnings that cybercriminals are exploiting the Windows outage by launching phishing campaigns.

Experts have reported raised security alerts, with one security group reporting that a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. Additionally, phishing calls are being made to organisations in an attempt to solicit information about the outage.

Stu Sjouwerman, CEO and President of KnowBe4, has warned that CrowdStrike phishing attacks are appearing in record time.

“Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos,” he said.

“Numerous websites have surfaced, promising help to those affected by the outage. Names like crowdstriketoken[.]com, crowdstrikedown[.]site and crowdstrikefix[.]com were identified by a UK-based cybersecurity researcher specialising in credential phishing.

“These new domains were registered and designed in record time to lure in people desperate to restore their systems. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential victims.”

Sumit Bansal, VP, Asia Pacific and Japan at BlueVoyant, issued a warning to be extra careful as fraudsters are trying to use these events to their advantage.

“BlueVoyant received a call from an individual stating they were with CrowdStrike and soliciting information around the ongoing CrowdStrike outage. BlueVoyant was unable to validate the caller and has flagged this as a potential social engineering event,” he said.

“Headline-grabbing news serves as an excellent and timely pretence for adversaries to make the worst out of a bad situation. Under the guise of helping, adversaries will use these events to gather privileged information about your organisation, such as whether you use an impacted solution, convince users to enter credentials into malicious support portals, and install remote access tools that lead to internal compromises.

“Please exercise caution and scrutiny if contacted by individuals stating they are calling on behalf of or from companies with recent newsworthy events. Rather than providing information to an inbound caller, visit the organisation’s website and call the documented support number. Let your users know that the incident is being handled by internal IT and security teams, and not to provide any information to external callers as it may be a scam.”
