Cybercriminals are already capitalizing on the chaos from Friday's massive global tech outage by promoting fake websites filled with malicious software designed to compromise unsuspecting victims, according to warnings from the U.S. government and multiple cybersecurity professionals.
Hackers have been setting up phony websites meant to appeal to people seeking information on, or solutions to, the worldwide IT meltdown but that in reality are designed to harvest visitors' information or to breach their devices, the security experts said.
The fraudulent sites use domain names that include keywords such as CrowdStrike, the cybersecurity firm behind the faulty software update that led to the crisis, or "blue screen", which is what computers affected by the CrowdStrike glitch display when they boot up.
The fraudulent sites may try to lure victims in by promising a quick fix to the CrowdStrike issue or scam them with offers of fake cryptocurrency.
In a bulletin about the outage, the U.S. Department of Homeland Security said it has witnessed "threat actors taking advantage of this incident for phishing and other malicious activity."
"Remain vigilant and only follow instructions from legitimate sources," said the bulletin issued by the Department's Cybersecurity and Infrastructure Security Agency. CrowdStrike has issued its own guidance on what affected organizations can do in response to the issue.
The situation illustrates how a volatile, high-impact news event has created secondary risks for millions of people as malign actors try to benefit from the CrowdStrike disaster and as thousands of organizations scramble to recover from CrowdStrike's faulty software update.
"It's a pretty standard pattern we see following incidents on this scale," said Kenn White, an independent security researcher specializing in network security, in an interview with CNN. "Criminals are tireless in their creative pursuits to exploit the most vulnerable."
Amid Friday's outage, CrowdStrike itself warned of hackers trying to exploit the situation by "leveraging the event as a lure." CrowdStrike said malicious actors are not only creating fake websites but also impersonating CrowdStrike employees in scam emails and phone calls, even selling bogus software purporting to fix the glitch.
One example of that has been targeting Spanish-speaking CrowdStrike customers, the company said. The attack comes in the form of a misleadingly named file called crowdstrike-hotfix.zip. When opened, the file installs malicious software that phones home to a command-and-control server the hackers operate and can use to send the malware further instructions.
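The two lure techniques described above, brand keywords in throwaway domain names and a themed archive such as crowdstrike-hotfix.zip, are both easy to hunt for in web proxy logs. The following script is an added example written for this article, not code from CNN, CrowdStrike or CISA. It normalizes hostnames and filenames so hyphenated variants ("crowd-strike", "blue-screen") still match, allowlists the vendor's real domain so the official guidance page is not flagged, and runs over a handful of constructed log lines; the ".example" hostnames, the log format and the "hotfix" keyword beyond the article's own "CrowdStrike" and "blue screen" are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# Keywords the article reports in lure domains and filenames. "crowdstrike" and
# "bluescreen" come from the article; "hotfix" is assumed from the zip name it cites.
LURE_KEYWORDS = ("crowdstrike", "bluescreen", "hotfix")

# Assumption for this example: only the vendor's apex domain and its subdomains
# count as official, so "crowdstrike.com.evil.example" is still treated as a lookalike.
OFFICIAL_DOMAINS = ("crowdstrike.com",)

# File types a "quick fix" download would typically arrive as.
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".exe", ".msi")

# Constructed proxy-log lines: "timestamp client_ip url". Not real traffic.
SAMPLE_LOG = [
    "2024-07-19T14:02:11Z 10.0.0.5 https://www.crowdstrike.com/blog/statement",
    "2024-07-19T14:03:40Z 10.0.0.7 http://crowdstrike-hotfix.example/crowdstrike-hotfix.zip",
    "2024-07-19T14:05:02Z 10.0.0.9 https://blue-screen-fix.example/download",
    "2024-07-19T14:06:30Z 10.0.0.5 https://example.org/news/outage",
    "2024-07-19T14:08:15Z 10.0.0.7 https://support.crowdstrike.com/",
]


def _normalize(text):
    """Lowercase and strip everything but letters and digits so hyphen/dot tricks don't evade matching."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_official(host):
    """True only for the vendor's apex domain or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_url(url):
    """Return the reasons a URL looks like an outage-themed lure; an empty list means nothing suspicious."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    reasons = []

    # Brand keyword in a domain the vendor does not control.
    if not is_official(host):
        norm_host = _normalize(host)
        hits = [k for k in LURE_KEYWORDS if k in norm_host]
        if hits:
            reasons.append("lookalike domain (%s)" % ", ".join(hits))

    # Themed "fix" archive or installer being downloaded, regardless of host.
    filename = (parsed.path or "").rsplit("/", 1)[-1]
    if filename.lower().endswith(ARCHIVE_EXT):
        hits = [k for k in LURE_KEYWORDS if k in _normalize(filename)]
        if hits:
            reasons.append("themed download %s" % filename)

    return reasons


def scan_log(lines):
    """Parse the constructed log format and return (url, reasons) for every flagged request."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash mid-hunt
        reasons = classify_url(parts[2])
        if reasons:
            flagged.append((parts[2], reasons))
    return flagged


if __name__ == "__main__":
    for url, reasons in scan_log(SAMPLE_LOG):
        print(url, "->", "; ".join(reasons))
```

Keyword matching of this kind is a cheap first pass, not a verdict: it catches the hyphenated and subdomain lookalikes the article describes but not homoglyph domains, and any hit should be followed by a check of the domain's registration age before blocking.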
There is currently no automated fix for recovering from the CrowdStrike software glitch, which security experts have said will mean a long and arduous recovery that's likely to cost millions, if not billions, of dollars.
"CrowdStrike Intelligence recommends that organizations ensure they are communicating with CrowdStrike representatives through official channels and they adhere to technical guidance the CrowdStrike support teams have provided," the company said.
In some ways, what is currently playing out in cyberspace resembles how mis- and disinformation can overwhelm the public's understanding of events taking place in the physical world.
Hackers commonly try to use high-profile news stories to funnel traffic their way. For example, after the massive Equifax data breach announced in 2017, security companies said they observed cybercriminals sending hundreds of thousands of phishing emails impersonating banks. The emails sought to prey on anxious victims who, given the Equifax news, may have been more likely to open an email from their financial institution, experts said at the time.
These types of event-driven scams are taking place against the backdrop of a broader rise in impersonation scams.
In recent years, the Federal Trade Commission has pointed to an uptick of scams in which cybercriminals pretend to be government officials or agencies, such as the Internal Revenue Service or the Social Security Administration. During the Covid-19 emergency, creative hackers even posed as FTC Chair Lina Khan and sent fake emails that falsely claimed the agency was distributing pandemic relief funds, prompting the FTC to plead with consumers not to respond to those messages.
Americans have collectively lost hundreds of millions of dollars to these impersonation scams, the FTC has said.
In a situation like the CrowdStrike outage, where people are searching for information in an urgent, fast-moving crisis and are hungry for solutions, phishing can mislead well-intentioned people and organizations into taking the wrong steps, making a bad situation even worse.
Phishing dangers compound other knock-on risks, as well. Some organizations may decide on their own to weaken or even disable their cybersecurity defenses while trying to get operations back to normal.
"As customers start to recover, they'll most likely disable or modify their CrowdStrike protections," said Azim Khodjibaev, a cybersecurity researcher at Cisco Talos, the cybersecurity arm of the networking company Cisco, in a social media post. "This is going to leave a whole [lot] of people exposed!"
If businesses start falling victim to phishing attacks that wind up compromising important data or key systems, it could have ripple effects for their corporate clients and consumers, warned Brett Callow, managing director of the cybersecurity practice at FTI Consulting.
"Bad actors routinely try to take advantage of current events, so it's not at all surprising to see them attempting to take advantage of this one," Callow said. "And this, of course, is something that customers of companies which have experienced high profile incidents need to be ready for."