Global outage being leveraged to launch phishing attacks against CrowdStrike users: CERT-in

The Indian cybersecurity agency has reported a phishing campaign targeting users affected by the recent global computer outage. Attackers are impersonating CrowdStrike support staff to deceive victims with offers of system recovery assistance.

According to a CERT-In advisory issued on Saturday said, these attack campaigns could "entice an unsuspected user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data leak." The world suffered a major computer systems outage on July 19 due to a faulty update to the CrowdStrike Falcon Sensor software leading to crash of Microsoft Windows operating system. The event grounded numerous flights, hit business, banking and hospital systems across the globe including in India.

The systems have now recovered as both CrowdStrike and Microsoft released official fixes even as some organisations continue to recover from the mega technology meltdown.

'Phishing campaign'

It has been reported, the advisory said, that there are reports of an ongoing "phishing campaign" targeting CrowdStrike users leveraging this (global tech outage) issue to conduct "malicious" activities.

The attackers are sending phishing emails posing as CrowdStrike support to customers through phone calls. They sell software scripts purporting to automate recovery from the content update issue, it said.

The phishing attackers also are distributing 'Trojan' malware pretending as recovery tools and these attack campaigns could entice an unsuspected user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data loss, the CERT-In cautioned.

What is phishing?

A phishing attack is defined as the fraudulent practice of impersonating reputed and official names and identities through email, text messages or phone calls to trick the victim into sharing personal sensitive information like banking and credit card details and login or identity information.

The CERT-In is the federal technology agency to combat cyber attacks and guard the online space against phishing and hacking attempts and other category of cyber attacks.

The advisory asked users and organisations to configure thier firewall rules to block connections against 31 types of URLs (uniform resource locators) like 'crowdstrikeoutage[.]info' and 'www.crowdstrike0day[.]com' among others apart from a number of hashes.

Deeply trusted practices

The advisory asked users to deploy some trusted and often-mentioned cyber hygiene practices like: obtaining software patch update from authentic websites and sources; avoiding to click a document with link to ".exe" as they are certainly a malicious file disguised as a legitimate document; and being cautious against suspicious phone numbers as scammers often mask their identity by using email-to-text services to conceal their actual phone number.

It also suggested users to only click URLs that have clear website domain and using safe browsing and filtering tools apart from appropriate firewalls.

"Look out for valid encryption certificates by checking for the green lock in the browser's address bar, before providing any sensitive information such as personal particulars or account login details," it said.

(With agency inputs)