CrowdStrike Phishing Attacks Appear in Record Time



crowdstrike-glitchI have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event. 

But first: Our systems and network were not affected and we have no impact from this.

Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos.

Numerous websites have surfaced, promising help to those affected by the outage. Names like crowdstriketoken[.]com, crowdstrikedown[.]site, crowdstrikefix[.]com, were identified by a UK-based cybersecurity researcher specializing in credential phishing.

These new domains were registered and designed in record time to lure in people desperate to restore their systems. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential victims.

According to the researcher, several sites were still under construction, including crowdstrike-helpdesk[.]com, and crowdstrikeclaim[.]com. Bloomberg reported that he began monitoring the situation around midday in the UK and discovered new domains registered as early as 4:12 a.m. EDT, totaling 28 sites so far.

NOTE: the fix is to boot into the Windows “safe mode,” delete the offending file—called C-00000291*.sys—and reboot. Microsoft says 8.5 million devices were impacted, that number represents less than 1% of Windows devices worldwide.

The US Cybersecurity and Infrastructure Security Agency (CISA) has already observed threat actors exploiting this incident for phishing and other malicious activities. They urge people to avoid clicking on suspicious links.

George Kurtz, CEO of CrowdStrike, said: "Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again."

I know George and I'm sure that CrowdStrike will survive this. But it sure is a massive headache for customers. He said: "We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates." 

Exactly. Warn your users to not get lured onto a scam site and download a fake update.

FULL DISCLOSURE: It is exceedingly rare that I buy individual stocks, but I bought CRWD "on the dip".


Free BreachSim Tool

How easy is it for bad actors to penetrate your system and exfiltrate your data? Pinpoint vulnerabilities, take action and build stronger cyber defenses with KnowBe4’s Breach Simulator “BreachSim.” Based on techniques outlined in the MITRE Att&CK framework, BreachSim launches 12+ simulated scenarios to uncover the stark reality of what happens when employees unknowingly fall for an attack.

BreachSim LogoHow BreachSim works:

  • 100% harmless simulation of real breach and data exfiltration attacks
  • Provides secure .txt, .doc, and .bmp test files for the simulation
  • Tests 12+ realistic data exfiltration scenarios following the MITRE Att&CK framework
  • Just download the installer, upload the secure test files, and run

Results in a few minutes!

Try Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/free-tools/breach-simulator

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews