Cybersecurity experts and agencies worldwide are alerting the public about a surge in opportunistic hacking attempts related to the recent IT outage.
Although there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are trying to take advantage of the situation. Cyber agencies in the UK and Australia are advising people to be cautious of fake emails, calls, and websites posing as official entities.
CrowdStrike CEO George Kurtz urged users to verify they are communicating with official representatives before downloading any fixes. “We know that adversaries and bad actors will try to exploit events like this,” he said in a blog post. “Our blog and technical support will continue to be the official channels for the latest updates.”
His warning was echoed by cybersecurity expert Troy Hunt, who operates the well-known security website Have I Been Pwned. “An incident like this, which has garnered so much attention and concern, is a gift to scammers,” Hunt remarked.
Hunt was responding to an alert from the Australian Signals Directorate (ASD), Australia’s equivalent of the UK’s GCHQ or the US’s NSA, which warned of hackers distributing fake software fixes claiming to be from CrowdStrike. “Alert! We understand a number of malicious websites and unofficial code are being released claiming to help entities recover,” the notice reads. The agency urges IT responders to use only CrowdStrike’s official website for information and assistance.
The ASD’s warning follows calls from the UK’s National Cyber Security Centre (NCSC) urging heightened vigilance against suspicious emails or calls pretending to be from CrowdStrike or Microsoft support. “An increase in phishing attempts referencing this outage has already been observed, as opportunistic malicious actors seek to exploit the situation,” the NCSC said.
Fear and Uncertainty
Major news events, especially those involving technology, often lead to hackers modifying their tactics to exploit public fear and uncertainty. During the Covid-19 pandemic, for instance, hackers adjusted their phishing emails to offer information about the virus or even fake antidotes to deceive people and organizations.
With the IT outage making global headlines, hackers are seizing the opportunity. Researchers at Secureworks have noted a sharp rise in CrowdStrike-themed domain registrations, which hackers use to create websites that appear official and trick IT managers or the public into downloading malicious software or revealing private information.
The primary advice is directed at IT managers who are working to get their organizations back online, but individuals are also advised to be cautious. Experts recommend acting only on information from official CrowdStrike channels.
