CrowdStrike fallout continues: Beware of these scams linked to the blue screen outage

CrowdStrike’s outage earlier this month bricked 8.5 million PCs worldwide, grounding planes, taking news anchors off the air, disabling emergency services, and crashing banking services. It also created a prime opportunity for scammers.

While the issue itself was caused by a faulty update rather than a cyber attack, the outage’s tremendous impact on business customers large and small made it easy for bad actors to take advantage of those companies’ customers while they were scrambling to recover.

Last week, America’s Cyber Defense Agency, the U.K.’s National Cyber Security Centre, and Australia’s National Anti-Scam Centre all issued warnings to be on the lookout for scams during the outage. Now, McAfee is detailing some of the scams its labs observed, including domain spoofing, malware, and voice scams.

Malware

One popular scam, also detailed by CrowdStrike on its blog, involved CrowdStrike-themed malware: a bad actor sent recovery guidelines that appeared to be from CrowdStrike but covertly incorporated a macro that installed malware on the device.

McAfee saw malware in different forms, including malware that terminated all of the running browser windows and then attempted to steal login information when the user loaded them again; wiper malware whose main purpose was to destroy data on a victim’s device; and malware that allowed attackers to take control of a victim’s computer and steal sensitive information.

Domain spoofing

After the outage started to gain media attention, McAfee notes that a number of domains using the word “crowdstrike” were registered, aimed at manipulating search engine results. Several of those are also parked domains, meaning that there’s nothing on them now, but they could be used for nefarious purposes in the future. If you’re looking for CrowdStrike’s website, make sure you’re at the right place.

McAfee also discovered several crypto wallets that were established with CrowdStrike themes.

While the outage impacted primarily enterprise services, McAfee notes that all consumers “should be extra vigilant regarding unsolicited communications from sources claiming to be an impacted business.” As always, it’s important to verify the sources of any communication you receive, and be skeptical about any unsolicited offers.

Most impacted services, even Delta, are back up and running, but bad actors could still be using the outage to target users with scams. McAfee notes that “unless you operate a business that uses CrowdStrike, you are likely not affected,” so it’s safe to say that almost any communication you receive regarding the outage, particularly one asking for personal information, is best left ignored.

And, if you are a CrowdStrike customer, maybe don’t spend that $10 Uber Eats apology from CrowdStrike all in one place.
