The Indian cybersecurity agency, CERT-In, has alerted users about a phishing attack campaign targeting those affected by the recent global computer outage. Attackers are impersonating CrowdStrike support staff, offering fake system recovery tools to trick users into installing malware. This malware can lead to sensitive data leaks, system crashes, and data loss.
Incident Background
On July 19, a faulty update to the CrowdStrike Falcon Sensor software caused a major global computer systems outage, crashing Microsoft Windows operating systems. This outage disrupted flights, businesses, banking, and hospital systems worldwide, including in India. Although official fixes from CrowdStrike and Microsoft have restored most systems, some organizations are still recovering.
Phishing Campaign Details
Attackers are exploiting this situation by sending phishing emails and making phone calls posing as CrowdStrike support. They offer software scripts that supposedly automate recovery from the update issue but instead distribute Trojan malware. This malware can lead to severe consequences, such as sensitive data leakage and system crashes.
CERT-In Recommendations
CERT-In advises users and organizations to:
Configure firewall rules to block connections to suspicious URLs, such as ‘ info’ and ‘www.crowdstrike0day[.]com’.
Obtain software patch updates from authentic sources.
Avoid clicking on documents with “.exe” links, as these are likely malicious files.
Be cautious of suspicious phone numbers, as scammers may use email-to-text services to hide their identities.
Use safe browsing and filtering tools, appropriate firewalls, and verify encryption certificates by checking for the green lock in the browser’s address bar before entering sensitive information.
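As an added illustration of the first and third recommendations (this is example code written for this summary, not a tool from CERT-In or CrowdStrike), the following script refangs the defanged domain quoted in the advisory, matches it against hostnames on a label boundary so subdomains are caught but lookalike suffixes are not, and flags ".exe" downloads in a constructed proxy log whose format (timestamp, client, method, URL, status) is assumed for the demonstration.

```python
from urllib.parse import urlparse

# Indicator exactly as printed in the CERT-In advisory above (defanged with "[.]").
BLOCKED_DOMAINS = {"www.crowdstrike0day[.]com"}

# Constructed proxy log lines for demonstration: timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = [
    "2024-07-22T09:01:11Z 10.0.0.12 GET https://www.microsoft.com/en-us/ 200",
    "2024-07-22T09:03:45Z 10.0.0.12 GET http://www.crowdstrike0day.com/fix.exe 200",
    "2024-07-22T09:04:02Z 10.0.0.15 GET https://cdn.crowdstrike0day.com/recovery.zip 200",
    "2024-07-22T09:05:30Z 10.0.0.20 GET https://files.example.net/update.exe 200",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable domain, dropping a leading 'www.'."""
    domain = indicator.strip().lower().replace("[.]", ".")
    return domain[4:] if domain.startswith("www.") else domain

def _parse(url: str):
    """urlparse that tolerates bare hostnames without a scheme."""
    return urlparse(url if "://" in url else "http://" + url)

def is_blocked(url: str, blocklist=BLOCKED_DOMAINS) -> bool:
    """True if the URL's host is a listed domain or a subdomain of it (suffix match on a label boundary)."""
    host = (_parse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in map(refang, blocklist))

def links_to_exe(url: str) -> bool:
    """True if the URL path ends in .exe, the link type the advisory warns users not to click."""
    return _parse(url).path.lower().endswith(".exe")

def scan_proxy_log(lines, blocklist=BLOCKED_DOMAINS):
    """Return (line_number, url, reasons) for each log line that should be blocked or reviewed."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash the scan
        url = fields[3]
        reasons = []
        if is_blocked(url, blocklist):
            reasons.append("listed domain")
        if links_to_exe(url):
            reasons.append(".exe download")
        if reasons:
            findings.append((n, url, reasons))
    return findings

if __name__ == "__main__":
    for n, url, reasons in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {n}: {url} -> {', '.join(reasons)}")
```

The suffix match deliberately requires a dot before the listed domain, so a lookalike such as crowdstrike0day.com.lookalike.example is not reported as the listed domain.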
By following these cyber hygiene practices, users can protect themselves from these phishing attacks.