Security firm CrowdStrike caused unintentional chaos around the world on Friday after deploying a flawed software update to the company’s Falcon monitoring platform that crashed Windows computers running the product. The fallout from the incident will take days to resolve, and the company warns that while system administrators and IT staff work on a fix, another threat looms: predatory digital scams trying to cash in on the crisis.
On Friday afternoon, researchers began warning that attackers are reserving domain names and beginning to create websites and other infrastructure to run “CrowdStrike support” scams targeting the company’s customers and anyone else who might be affected by the chaos. CrowdStrike’s own researchers The activity was also warned about. on Friday and published a list of domains apparently registered to impersonate the company.
“We know that adversaries and bad actors will try to take advantage of events like this,” said CrowdStrike founder and CEO George Kurtz. wrote in a statement. “I encourage everyone to stay tuned and make sure to stay in touch with official CrowdStrike representatives. Our blog and support will remain the official channels for the latest updates.”
Attackers inevitably take advantage of major global events, as well as trending topics in specific geographic areas, to try to trick people into sending them money, steal targeted account credentials, or compromise victims with malware.
“Threat actors invariably try to capitalize on any major event,” said Brett Callow, executive director of cybersecurity and data privacy communications at FTI Consulting. “Whenever an organization experiences an incident, customers and business partners need to be prepared for it.”
While most people aren’t personally responsible for fixing CloudStrike-related computer outages, the incident is ripe for exploitation because some of the IT professionals working on the fix might be desperate for solutions. In most cases, fixing affected computers involves individually rebooting and patching each one—a process that can be time-consuming and logistically difficult. And for small business owners who don’t have access to extensive IT expertise, the challenge can be particularly daunting.
Researchers, including those at CrowdStrike Intelligence, have so far seen attackers sending phishing emails or making phone calls impersonating CrowdStrike technical support staff and selling software tools that claim to automate the process of recovering from the faulty software update. Some attackers also pose as researchers and claim to have special information vital to recovery — that the situation is actually the result of a cyberattack, which it is not.
CrowdStrike emphasizes that customers should confirm that they are communicating with legitimate company personnel and rely solely on official company corporate communications.
“Prompt alerts to employees outlining potential risks will help,” Callow says of how CloudStrike customers should work to defend themselves. “Prevention is better than cure.”
