AUSCERT issues critical warning - CrowdStrike technical outage exploited by cyber criminals - stay vigilant!
Announcement posted by AUSCERT 23 Jul 2024
On Friday 19 July, CrowdStrike released a sensor configuration update that triggered errors and system crashes in millions of Windows systems, causing major business outages worldwide. CrowdStrike has assured users that the outage was not due to a cyberattack. Reports have since surfaced indicating that malicious actors are swiftly capitalising on the disruption created by this technical issue.
Reports from cybersecurity experts and industry analysts suggest that cyber criminals are leveraging the outage window to launch phishing campaigns and other malicious activities. These efforts aim to exploit emotions such as fear or urgency to manipulate users into making quick, uninformed decisions. This tactic aims to bypass users' critical thinking and make fraudulent schemes more successful.
Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications. There have also been incidents where cyber criminals impersonated CrowdStrike staff in phone calls.
CrowdStrike has additionally noted instances where cyber criminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. They have offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem.
In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance. Users are encouraged to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support.
CrowdStrike has shared a list of domains impersonating CrowdStrike's brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could potentially support future social-engineering operations.
As CrowdStrike continues to restore full service functionality, the incident serves as a stark reminder of the evolving tactics used by cyber criminals. Organisations and individuals alike must remain vigilant, maintain updated security measures, and exercise caution in response to such incidents to mitigate potential risks effectively.
The swift and coordinated response from cybersecurity communities highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors.
-Ends-
ABOUT AUSCERT
AUSCERT was founded in 1993 in response to an Australian university student hacking a computer system at NASA. This breach triggered a chain reaction to improve information security. In the early 1990s, three Australian universities came together and formed AUSCERT - the central source for information security and protection. Today, The University of Queensland has embraced AUSCERT as part of their organisation.
AUSCERT is a not-for-profit, member funded organisation based at The University of Queensland. It provides support to businesses during cyber security incidents, threat intelligence services and ongoing education and development programs.
AUSCERT's passionate team of leading cyber security experts deliver 24/7 service to more than 500 members spanning education and training, financial and insurance services, information, media and telecommunications, and other key sectors, alongside a range of comprehensive tools to strengthen cyber security strategic defences.
MEDIA ENQUIRIES
To arrange an interview with AUSCERT, please contact Media-Wize's Anthony Caruana on 0431 474 370 or Kathryn Goater on 0414 726 958.