Cybersecurity professionals and organizations around the world are warning of a surge in opportunistic hacking attempts linked to the IT outage.
While there is no proof that the CrowdStrike outage resulted
from malicious actions, certain malicious entities are trying to exploit the
situation.
Authorities in the UK and Australia are warning the
public to be wary of fraudulent emails, phone calls, and websites
posing as legitimate entities.
George Kurtz, the CEO of CrowdStrike, urged users to verify
the authenticity of the company's representatives before proceeding with any
downloads of fixes.
“We know that adversaries and bad actors will try to exploit
events like this,” he said in a blog post.
“Our blog and technical support will continue to be the
official channels for the latest updates.”
Troy Hunt, a cybersecurity expert who operates the popular
Have I Been Pwned security website, echoed Kurtz's sentiments.
“An incident like this that has commanded so many headlines
and has people worried is a gift to scammers,” he said.
Hunt responded to a notification from the Australian Signals
Directorate (referred to as the ASD, similar to the UK’s GCHQ or the US’s
National Security Agency) which had issued an advisory about hackers
disseminating counterfeit software patches falsely claiming to be from
CrowdStrike.
“Alert! We understand a number of malicious websites and
unofficial code are being released claiming to help entities recover,” the
notice reads.
The organization is advising IT responders to exclusively
utilize CrowdStrike's website for obtaining information and assistance.
The caution from ASD comes after the UK's National Cyber
Security Centre (NCSC) issued a warning on Friday, urging individuals to remain
highly vigilant against suspicious emails or calls impersonating CrowdStrike or
Microsoft support.
“An increase in phishing referencing this outage has already
been observed, as opportunistic malicious actors seek to take advantage of the
situation,” the agency said.
Fear and uncertainty
Hackers always adapt their methods in response to major news
events, particularly those related to technology, in order to exploit the
resulting fear and uncertainty.
This was evident during the Covid-19 pandemic, as hackers
modified their phishing tactics to exploit the situation and target individuals
and organizations.
Given the widespread coverage of the IT outage, it is likely
that hackers will seek to take advantage of the situation.
Researchers at Secureworks have reported a significant
increase in CrowdStrike-themed domain registrations. This surge indicates that
hackers are creating new websites designed to appear legitimate, with the
intention of deceiving IT managers or the general public into downloading
harmful software or disclosing private information.
The guidance is aimed primarily at IT managers who are dealing with
the impact of the outage while working to restore their organizations'
online presence.
However, individuals may also become victims, prompting
experts to advise vigilance and reliance solely on information provided through
official CrowdStrike channels.