As much of the world slowly gets back online after an outage caused by a defective update from cybersecurity giant CrowdStrike brought global travel and business to a standstill, malicious actors are trying to exploit the situation for their own gain.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a statement Friday that, although the CrowdStrike outage was not linked to a cyberattack or malicious activity, it has “observed threat actors taking advantage of this incident for phishing and other malicious activity.”
CISA warned individuals to “avoid clicking on phishing emails or suspicious links,” which can lead to email compromise and other scams.
It’s not uncommon for malicious actors to exploit chaotic situations to carry out cyberattacks, especially campaigns that can be easily created and customized at short notice, like email or text phishing.
One security researcher on X, formerly Twitter, said malicious actors were already sending phishing emails from a variety of domains that impersonate CrowdStrike. One of the emails posted falsely claimed it could “fix the CrowdStrike apocalypse” if the recipient paid a fee worth several hundred euros to a cryptocurrency wallet named in the message.
In reality, the only working fixes are either to reboot affected computers repeatedly in the hope that one boot stays up long enough for the corrected update to download and install, or to boot each crashed machine into Safe Mode or the Windows Recovery Environment and manually delete the defective file. Neither involves paying anyone.
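The lures described above combine two signals a mail-filtering or SOC triage rule can key on: a sender or link domain that merely resembles the vendor's, and a demand for payment to a cryptocurrency address. The following is an added example, not code from the article or from CrowdStrike or CISA, showing a small triage script that flags both. It assumes crowdstrike.com is the only legitimate vendor domain, uses a crude two-label approximation of the registrable domain in place of a public-suffix list, and runs over constructed sample messages modelled on the lures in the text, not real captured emails.

```python
import re
from urllib.parse import urlparse

# Assumption: crowdstrike.com is the vendor's real domain; any other host that
# resembles it is treated as a lookalike.
LEGIT_DOMAIN = "crowdstrike.com"
BRAND = "crowdstrike"

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
EMAIL_RE = re.compile(r"<?([\w.+-]+)@([\w.-]+)>?")
# Bitcoin bech32, Bitcoin legacy and Ethereum address shapes (constructed patterns).
WALLET_RE = re.compile(
    r"\b(?:bc1[a-z0-9]{25,60}|[13][a-km-zA-HJ-NP-Z1-9]{25,34}|0x[a-fA-F0-9]{40})\b")
PAYMENT_WORDS = ("fee", "payment", "pay ", "eur", "usd", "btc", "wallet")
# Common digit-for-letter substitutions seen in typosquat domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: keep the last two labels (assumption: no public-suffix list offline)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalize(label: str) -> str:
    """Undo digit homoglyphs and two-letter look-alike pairs before comparing to the brand."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches dropped or swapped letters like crowdstrke."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(host: str) -> bool:
    """True when any label of the host imitates the brand but the domain is not the real one."""
    host = host.lower()
    if registrable_domain(host) == LEGIT_DOMAIN:
        return False
    for label in host.split("."):
        norm = normalize(label)
        if BRAND in norm or edit_distance(norm, BRAND) <= 2:
            return True
    return False


def extract_hosts(msg: dict) -> list:
    """Collect the sender's domain and every hostname linked in the body."""
    found = []
    m = EMAIL_RE.search(msg.get("from", ""))
    if m:
        found.append(("from", m.group(2).lower()))
    for url in URL_RE.findall(msg.get("body", "")):
        host = urlparse(url).hostname
        if host:
            found.append(("url", host.lower()))
    return found


def triage(msg: dict) -> dict:
    """Flag lookalike domains and crypto-payment lures; verdict is 'phish' or 'ok'."""
    body = msg.get("body", "")
    lookalikes = sorted({host for _, host in extract_hosts(msg) if looks_like_brand(host)})
    wallets = WALLET_RE.findall(body)
    lure = any(w in body.lower() for w in PAYMENT_WORDS)
    verdict = "phish" if lookalikes or (wallets and lure) else "ok"
    return {"subject": msg.get("subject", ""), "lookalike_domains": lookalikes,
            "wallet_addresses": wallets, "payment_lure": lure, "verdict": verdict}


# Constructed sample messages modelled on the lures in the article (not real emails).
SAMPLE_MESSAGES = [
    {"from": "CrowdStrike Support <support@crowdstrike-fix.com>",
     "subject": "URGENT: fix the CrowdStrike apocalypse now",
     "body": ("Our team will fix the CrowdStrike apocalypse for a fee of 500 EUR. "
              "Send payment to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq "
              "then open https://crowdstrike-apocalypse-fix.com/restore")},
    {"from": "support@cr0wdstrike.com",   # zero in place of the letter o
     "subject": "Password reset required after outage",
     "body": "Reset your password at https://login.cr0wdstrike.com/reset"},
    {"from": "helpdesk@it-support-desk.net",   # brand hidden in a subdomain
     "subject": "Outage remediation portal",
     "body": "Apply the fix from https://crowdstrike.com.update-portal.net/fix"},
    {"from": "noreply@crowdstrike.com",   # genuine vendor domain, should pass
     "subject": "Remediation guidance",
     "body": "Guidance is published at https://www.crowdstrike.com/remediation"},
]


def triage_samples() -> list:
    return [triage(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for r in triage_samples():
        print(r["verdict"].upper(), r["subject"], r["lookalike_domains"], r["wallet_addresses"])
```

The first three samples are flagged (a hyphenated brand domain plus a wallet, a homoglyph domain, and the brand name buried in a subdomain of an unrelated registrable domain); the fourth, from the real domain, passes. In production the two-label registrable-domain guess should be replaced with a public-suffix list, the distance threshold tuned against an allowlist of partner domains, and the verdict fed into quarantine rather than acted on blindly.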
Social engineering expert Rachel Tobac, who founded and heads cybersecurity firm SocialProof Security, said in a series of posts on X that criminals will also use the outage as cover to trick victims into handing over passwords and other sensitive codes.
“Remember: verify people are who they say they are before taking sensitive actions,” Tobac said.
Early Friday morning, a defective update pushed by CrowdStrike caused an enormous number of Windows computers running the company’s anti-malware and security software to crash. CrowdStrike said the bug has been fixed, but warned that the need to manually remediate each affected computer could result in lasting outages.
CISA said it was “working closely with CrowdStrike and federal, state, local, tribal and territorial partners,” as well as with critical infrastructure operators and its international partners, to help with fixes.