The Rise in Phishing Scams Following a Global Outage Disruption

On July 19, a global outage struck numerous institutions worldwide, affecting airports, banks, and media services, resulting in over $1 billion in losses and impacting more than 49 million people [1]. Following the disruption of CrowdStrike’s Falcon platform, experts have warned of a rise in phishing attacks. Scammers are exploiting the chaos by offering fraudulent solutions, further aggravating the impact of the outage. This article will explore how this widespread disruption is fueling a surge in phishing scams.

Explaining the outage

Figure 1: A faulty software update from CrowdStrike caused widespread disruption across businesses, airlines, and retailers worldwide, with many experiencing the Blue Screen of Death [2].

Many Windows users experienced the Blue Screen of Death (BSOD), causing further disruptions. This issue was linked to an update from the cybersecurity company CrowdStrike. CrowdStrike released a detailed report explaining that a defective update caused the outage.

Figure 2: IndiGo staff manually write flight details on boarding passes following a Windows outage [3].

George Kurtz, the President and CEO of CrowdStrike, issued a statement explaining that the outage was due to a faulty update from CrowdStrike: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, and isolated, and a fix has been deployed. We recommend customers use our support portal for updates and communicate with CrowdStrike representatives through official channels.” [4]

The global outage’s impact on rising phishing threats

On July 20, the Cyber Security Agency (CSA) of Singapore alerted users on social media platform X about a phishing campaign targeting CrowdStrike users in the wake of the faulty software update. Threat actors are exploiting the outage to send phishing emails or make phone calls while impersonating CrowdStrike support staff.

Figure 3: Phishing email impersonating CrowdStrike support staff and offering a fix for the outage, prompting users to click on a malicious file [5].

Scammers may also pose as independent researchers, claiming they have proof that the technical issue is linked to a cyber attack and offering false remediation insights or selling scripts that claim to automate the recovery process. The CSA highlighted potentially malicious domains such as crowdstrike.phpartners[.]org, crowdstrike0day[.]com, and crowdstrikebluescreen[.]com, which mimic CrowdStrike.
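A triage check for the lookalike pattern described above, as an added example that is not part of the original article: it flags hostnames and sender addresses that contain the CrowdStrike name but do not sit under the official domain. It generalizes beyond the three CSA-listed domains to digit swaps, hyphenation and display-name tricks; treating `crowdstrike.com` as the only official domain, and every sample input other than the three listed domains, are assumptions.

```python
from email.utils import parseaddr

# Assumption: the only domain treated as official; extend with your own allowlist.
OFFICIAL_DOMAINS = ("crowdstrike.com",)
BRAND = "crowdstrike"
# Digit-for-letter swaps that could disguise this brand string (0->o, 1->i, 3->e, 5->s).
SWAPS = str.maketrans("0135", "oies")


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as name[.]com back into a plain hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


def classify_host(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    host = refang(host)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Drop separators and undo digit swaps before searching for the brand string.
    squashed = host.replace("-", "").replace(".", "").translate(SWAPS)
    return "lookalike" if BRAND in squashed else "unrelated"


def classify_sender(from_header: str) -> str:
    """Classify a From: header by its address domain, then by its display name."""
    name, addr = parseaddr(from_header)
    verdict = classify_host(addr.rpartition("@")[2])
    if verdict == "unrelated" and BRAND in name.lower().replace(" ", ""):
        return "display-name-mismatch"  # brand in the name, unrelated domain
    return verdict


if __name__ == "__main__":
    samples = [
        "crowdstrike.phpartners[.]org",   # listed by the CSA
        "crowdstrike0day[.]com",          # listed by the CSA
        "crowdstrikebluescreen[.]com",    # listed by the CSA
        "www.crowdstrike.com",            # official
        "crowdstrike.com.login.example",  # constructed: official name as a prefix
        "cr0wd-str1ke-fix.example",       # constructed: digit swaps and hyphens
    ]
    for s in samples:
        print(f"{s:34} {classify_host(s)}")
    # Constructed header: brand in the display name, unrelated sending domain.
    print(classify_sender("CrowdStrike Support <it-desk@example.org>"))
```

A substring match like this is a first-pass filter for mail and proxy logs; hits still need analyst review before blocking.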

“It is advised that organizations ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided,” CSA said in a statement on its website.

On July 19, CrowdStrike founder and CEO George Kurtz apologized for the outage, confirming it was not caused by a cyber attack. He also warned users not to fall for scams related to the outage, stating, “We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”[1]

On July 20, the Australian Signals Directorate (ASD), the nation’s cyber intelligence agency, reported the emergence of malicious websites and unofficial code claiming to help entities recover from the widespread disruptions. The ASD’s cyber security center urged consumers to obtain technical information and updates exclusively from official CrowdStrike sources.

Cyber Security Minister Clare O’Neil advised Australians via social media platform X to be vigilant against potential scams and phishing attempts [6].

How to protect yourself from phishing attacks:

To stay safe from phishing attacks on email and social media, follow these essential steps:

  • Verify the sender’s email address or social media profile before clicking on links or downloading attachments.
  • Use strong, unique passwords for each account and enable two-factor authentication.
  • Be cautious of unsolicited messages requesting personal information or urgent actions.

Protect your business’s online presence

Phishing is no longer confined to email; it has evolved to social media, with scammers now using phishing DMs and fake accounts of businesses, banks, and more. Monitor your social media with Eydle to stay protected.

At Eydle, we are dedicated to protecting businesses from online scammers who try to damage their reputation and trust. Our AI-based scam detection technology finds fake posts, logos, accounts, comments, and profiles, keeping you safe from online fraudsters. With a team of AI experts from MIT, Stanford, and Carnegie Mellon, we’ve created the Eydle solution to keep your business safe from these bad actors.

Learn more about how we can protect you by visiting www.eydle.com or emailing us at [email protected].

Sources:

  1. https://www.straitstimes.com/tech/early-impact-reports-estimate-global-it-outage-affected-over-49-million-people
  2. https://www.straitstimes.com/tech/csa-warns-crowdstrike-users-against-phishing-scams-after-global-tech-outage
  3. https://www.freepressjournal.in/viral/hand-written-boarding-pass-today-indigo-staff-manually-pens-down-flight-details-on-boarding-pass-after-windows-faces-outage
  4. https://www.businesstoday.in/technology/news/story/microsoft-outage-crowdstrike-reveals-technical-reasons-behind-one-of-the-biggest-outages-of-history-437910-2024-07-20
  5. https://www.pcrisk.com/removal-guides/30522-crowdstrike-scam
  6. https://www.straitstimes.com/tech/australia-warns-of-malicious-websites-after-cyber-outage
