How Hackers are Making the Most of the CrowdStrike Outage and Its Aftermath

FIT Information Technology Information Security

Late last week one of our vendors released a faulty update impacting millions of Windows machines worldwide. Errors happen, and this was a big one. But the company, a trusted cybersecurity firm, has responded extremely well with a high degree of transparency and a fast response to help its clients, including FIT. While the event is concerning, the SUNY system has approximately 25 schools that are using CrowdStrike, and collectively we still have faith in CrowdStrike’s products and services. The company has just released its Post Incident Review delineating the steps they have implemented to ensure that nothing of this magnitude happens again. Luckily, at FIT, we had a relatively small footprint of impacted devices. Our amazing staff recovered about 850 impacted computers and servers, working quickly throughout the weekend. It’s bad enough that this happened, but of course for some enterprising hackers it is an opportunity within the chaos, a phishing bonanza.

The Current Common Scams Related to CrowdStrike
Here’s a glimpse into their not-so-clever playbook:

  • Phishing Emails from “CrowdStrike Support”
    These emails, with subject lines like “URGENT: Fix Your Defender Issue NOW!” or “Your System is Infected After Outage!”, would typically contain a link that, when clicked, would download malware or steal login credentials. Remember, CrowdStrike isn’t going to reach out in a panic via an email with typos.

  • Fake “Solution” Websites
    Some hackers even set up fake websites mimicking the CrowdStrike site. These sites would offer a magic fix for the outage, but of course, the only magic involved would be how quickly you were cyber attacked.

  • Tech Support Scams
    Hopefully, you didn’t receive a random call claiming to be from Microsoft offering to help you with the outage for a small “service fee.”

How to Stay Safe

  • Be Wary of Unsolicited Contact
    If CrowdStrike or Microsoft needs to reach you, they’ll likely do it through your official account, not a random email or phone call.

  • Check Sender Info
    Look closely at the email address and caller ID. Does it look legitimate? A string of random letters and numbers followed by “@[invalid URL removed]” is a pretty big red flag.

  • Don’t Click on Suspicious Links
    If you’re unsure about a link, hover over it with your mouse to see the actual URL. Does it match what the text says? If not, steer clear!

Cybercriminals often use scams and phishes that exploit a current event. Whether it’s a global IT outage, a pandemic, or a natural disaster, cybercriminals leverage the confusion and fear surrounding these news cycles to launch phishing attacks and deploy malware disguised as legitimate updates. 

So stay vigilant, and don’t let the headlines become your cyber downfall!

About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
