Criminals exploit CrowdStrike outage to spread malware

22 Jul 2024


Cybersecurity agencies have detected an increase in phishing campaigns, as criminals try to trick those affected by the outage in order to launch cyberattacks.

IT systems around the world appear to be slowly recovering from the massive CrowdStrike outage, but cyberattackers have been trying to take advantage of the situation.

The outage occurred on 19 July and quickly grew into a global crisis, with various sectors being severely disrupted after it caused Microsoft computers to shut down. Microsoft estimates that 8.5m Windows devices were affected by the disruption.

The outage was caused by a CrowdStrike software update that disrupted IT systems. Both CrowdStrike and Microsoft have been working with impacted customers to resolve the issue. But CrowdStrike has also warned of threat actors trying to capitalise on the situation by sending malware disguised as a company hotfix.

The cybersecurity company said it spotted ZIP files named “crowdstrike-hotfix.zip” being distributed, which actually contain malware. CrowdStrike spotted one campaign targeting customers in Latin America. The company advised organisations to ensure they are communicating with CrowdStrike representatives “through official channels”.

Meanwhile, Australia’s cyber intelligence agency – ASD – also warned about “malicious websites and unofficial code” being released to those who were impacted by the CrowdStrike outage. The agency warned consumers to “source their technical information and updates from official CrowdStrike sources only”. Australia’s Minister for Cybersecurity, Clare O’Neil, MP, also urged people to be “vigilant to scams”.

“What we are seeing some reporting of is attempts to conduct phishing through the incident that’s just occurred,” O’Neil said.

The UK’s National Cyber Security Centre (NCSC) also warned that it spotted an increase in phishing messages trying to take advantage of the situation.

“Organisations should review NCSC guidance to make sure that multi-layer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for,” the NCSC said.

Both Microsoft and CrowdStrike have issued updates over the weekend on how they are trying to resolve the massive outage. Yesterday (21 July), CrowdStrike said it tested a “new technique” to accelerate the fix for impacted systems.


Leigh Mc Gowran is a journalist with Silicon Republic
