Published on: July 24, 2024
Cybercriminals are exploiting the chaos resulting from a massive global tech outage on Friday by promoting fake websites filled with malicious software, designed to compromise unsuspecting victims, according to warnings from the US government and cybersecurity professionals.
Hackers have been setting up fraudulent websites targeting individuals seeking information or solutions to the IT meltdown. These sites are designed to harvest visitors’ information or breach their devices. The fraudulent sites use domain names that include keywords such as CrowdStrike — the cybersecurity firm behind the faulty software update that led to the crisis — or “blue screen,” a term referring to the error displayed on affected computers.
The US Department of Homeland Security has issued a bulletin warning of “threat actors taking advantage of this incident for phishing and other malicious activity.” The bulletin advises individuals to remain vigilant and follow instructions only from legitimate sources.
“It’s a pretty standard pattern we see following incidents on this scale,” said Kenn White, an independent security researcher. “Criminals are tireless in their creative pursuits to exploit the most vulnerable.”
CrowdStrike itself has also warned of hackers leveraging the situation by creating fake websites and impersonating CrowdStrike employees in scam emails and phone calls. These malicious actors are even selling bogus software claiming to fix the glitch.
The CrowdStrike outage, caused by a faulty update, led to widespread disruptions across multiple sectors globally, affecting everything from air travel to banking and telecommunications. CrowdStrike’s CEO, George Kurtz, has apologized for the incident, stating that the problem was identified quickly and a fix was deployed. However, the recovery process for affected systems is expected to be long and arduous, potentially costing millions of dollars.
Experts highlight the secondary risks that such high-impact news events can create. For instance, phishing scams can mislead people into taking harmful actions, exacerbating the situation. “As customers start to recover, they’ll most likely disable or modify their CrowdStrike protections,” warned Azim Khodjibaev, a cybersecurity researcher at Cisco Talos. “This is going to leave a whole lot of people exposed.”
In similar past incidents, such as the Equifax data breach in 2017, cybercriminals sent phishing emails impersonating banks to prey on anxious victims. The CrowdStrike incident has prompted cybersecurity experts to remind organizations and individuals to adhere to technical guidance from legitimate sources and remain cautious of potential scams.