Blog
Navigating the Rise in Cybersecurity Threats in Wake of the CrowdStrike Outage
Flashpoint has observed a surge in phishing attempts by threat actors aiming to exploit the largest global IT disruption in history. Here is what you need to know:
Table Of Contents
On July 19, 2024, a software update from CrowdStrike caused the largest IT outage in history, affecting industries worldwide. Banking services, hospitals, and airlines experienced serious disruptions. While current reports confirm that this was not a cyberattack, Flashpoint has since observed threat actors looking to exploit this situation.
Flashpoint intelligence analysts have identified several newly created suspicious domains that could be used in active and upcoming phishing and social engineering campaigns:
- crowdstrikefix[.]com
- supportportal-crowdstrike-com[.]translate[.]goog
- crashstrike[.]com
- crowdstrikebluescreen[.]com
- crowdstrike-helpdesk[.]com
- crowdfalcon-immed-update[.]com
- crowdstrike-bsod[.]com
- crowdstrikebsod[.]com
- fix-crowdstrike-bsod[.]com
- fix-crowdstrike-apocalypse[.]com
- crowdstrikedown[.]site
- crowdstrike0day[.]com
- crowdstrikedoomsday[.]com
- crowdstriketoken[.]com
- crowdstrikeoutage[.]info
- crowdstrikecommuication[.]app
- crowdstrike-cloudtrail-storage-bb-126d5e[.]s3[.]us-west-1[.]amazonaws[.]com
It is crucial for affected organizations to follow official correspondence from CrowdStrike.
Be on the lookout for phishing attempts
Threat actors are targeting affected organizations with data wipers and remote access tools. As security teams seek assistance to fix impacted Windows hosts, researchers and government agencies, such as the UK’s National Cyber Security Centre, have observed an increase in phishing emails.
Organizations should be particularly wary of spear phishing and whaling attempts. Attackers have been sending malicious emails posing as CrowdStrike representatives. These emails contain plausible instructions on how to remedy the outage, but they are laced with malicious links disguised as updates.
Protecting against phishing attacks
Given the nature of the outage, educating and investing in personnel is paramount. Ensuring that employees are well-informed about cybersecurity best practices and the latest threat tactics can significantly reduce the risk of falling victim to phishing attacks and other exploits. Organizations that prioritize training and continuous education for their teams are better equipped to handle disruptions and maintain operational resilience.
Here are some essential tips to safeguard against phishing attacks:
- Verify web domains: Always check the legitimacy of web domains, especially if asked to click, download, or enter any kind of login credentials or other sensitive information.
- Limit personal information: Minimize the amount of personal information shared on company or security personnel social media accounts. Threat actors use any available information to craft personalized phishing emails.
- Avoid unsolicited emails and links: Any CrowdStrike customer affected by this outage should ensure they are communicating with legitimate representatives through official channels.
- Scrutinize unusual requests: Take an extra moment to scrutinize messages that contain out-of-the-ordinary or unsolicited requests. Even the savviest users can be tricked, so vigilance is key.
Adhere to best practices
Flashpoint will continue to monitor the situation, as disruptions and phishing attempts are likely to persist in the short term. While the immediate technical issue has been resolved, the broader cybersecurity implications of this event remain. Organizations must remain vigilant in identifying potential exploitation attempts. By adhering to best practices and maintaining an up-to-date incident response plan, security teams can better protect themselves from potential phishing attacks. For more information on anti-phishing best practices, check out Cybersecurity & Intelligence 101.