Well that was fast. Criminals didn’t waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious domains purporting to be fixes.
Just hours after a faulty CrowdStrike file shut down Windows machines around the globe, reports surfaced of scam emails using the outage as a lure and otherwise trying to use the massive outage as a means to pursue criminal activities.
“Some reports we have seen indicate that there may be phishing emails circulating claiming to come from ‘CrowdStrike Support’ or “CrowdStrike Security,” said Johannes Ullrich, dean of research for SANS Technology Institute and the founder of the Internet Storm Center.
While he did not have any samples to share at the time, “attackers are likely leveraging the heavy media attention,” Ullrich added. “Please be careful with any ‘patches’ that may be delivered this way.”
ICS also listed one domain that is “possibly” linked to these phishing attacks:
Other phony domains posing as fixing sites surfaced on social media, with security researchers warning users not to pay for a fix — there’s free support from the real CrowdStrike — as some of the fraudulent websites asked for bitcoin and PayPal “donations.”
Additionally, while CrowdStrike CEO George Kurtz, in a statement on X, assured customers “this is not a security incident or cyberattack,” the software flaw does make it that much easier for network intruders to sneak in while system admins work to implement the fix.
“The good news is that it is not a cyber attack,” Agnidipta Sarkar, VP CISO advisory at ColorTokens told The Register. “The bad news is that the purpose of the patch will remain unresolved as computers recover, making all of them vulnerable to a future attack.”
In addition to proving a giant headache for IT admins, the Friday outage downed emergency 911 communications in the US, canceled critical surgeries at hospitals in the UK and grounded flights around the world.
When asked about the incident, a US Cybersecurity and Infrastructure Security Agency spokesperson told The Register: “CISA is working closely with CrowdStrike and our federal, state, local and critical infrastructure partners to fully assess and address these issues.” ®