India's national cybersecurity agency, CERT-In, has warned that a phishing campaign is targeting users affected by the recent Microsoft global outage. According to the agency, the attackers impersonate CrowdStrike support staff and offer victims help with system recovery tools in order to win their cooperation. The advisory, issued on Saturday, said these campaigns could “entice an unsuspected user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data leak.”


Systems affected by the outage have largely recovered thanks to the fixes released by CrowdStrike and Microsoft. Threat actors have now launched a phishing campaign that leverages the outage to target CrowdStrike users and carry out malicious activity.




Modus Operandi


According to the CERT-In advisory, the attackers begin by sending phishing emails. They then contact CrowdStrike users by phone, posing as CrowdStrike support, and sell them software scripts that they claim will automate recovery from the content update issue.


The attackers are also distributing Trojan malware disguised as recovery tools. The operation is convincing enough to entice an unsuspecting user into installing unidentified malware, which can lead to sensitive data leakage, system crashes and data loss.


How To Safeguard Yourself Against This Threat


The advisory asks users and organisations to configure their firewall rules to block connections to the 31 malicious domains and URLs it lists, such as ‘crowdstrikeoutage[.]info’ and ‘www.crowdstrike0day[.]com’. Users are also advised to follow basic cyber hygiene: fetch software patches only from trusted websites and sources, avoid clicking links to “.exe” files embedded in documents, and be wary of calls from suspicious phone numbers.


CERT-In also suggested that users only click URLs that clearly indicate the website domain, and that they use safe browsing and filtering tools in addition to properly configured firewalls.
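The blocking and URL-checking advice above is easy to operationalise against proxy or DNS logs. The following is an added example, not code from CERT-In or CrowdStrike: it refangs the two indicators quoted in this article (the other 29 from the advisory are not reproduced here), blocks the listed domains together with their subdomains, and separately flags hosts that contain the brand name but are not under the vendor's real domain (assumed here to be crowdstrike.com). The proxy log lines, including the fourth domain, are constructed for the demonstration and are not real traffic or real indicators.

```python
"""Match hostnames from proxy logs against an advisory-style domain blocklist.

Added example, not the CERT-In advisory's own tooling. Only the two indicators
quoted in the article are included; the sample log lines are constructed.
"""
from urllib.parse import urlsplit

# Indicators as advisories publish them, "defanged" with [.] so they are not clickable.
DEFANGED_INDICATORS = [
    "crowdstrikeoutage[.]info",
    "www.crowdstrike0day[.]com",
]

LEGIT_DOMAIN = "crowdstrike.com"  # assumption: the vendor's genuine domain


def refang(indicator: str) -> str:
    """Turn 'example[.]com' or 'hxxps://host/path' into a lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = s.replace("hxxp://", "http://").replace("hxxps://", "https://")
    if "://" in s:
        s = urlsplit(s).hostname or ""
    return s.rstrip(".")


def build_blocklist(indicators):
    """Registrable domains to block; a leading 'www.' is dropped so the whole zone matches."""
    blocked = set()
    for ind in indicators:
        host = refang(ind)
        if host.startswith("www."):
            host = host[4:]
        if host:
            blocked.add(host)
    return blocked


def hostname_of(url_or_host: str) -> str:
    """Extract the hostname from a URL or a bare host (a missing scheme is tolerated)."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").rstrip(".")


def is_blocked(url_or_host: str, blocklist) -> bool:
    """True if the host is a listed domain or any subdomain of one (not a mere substring)."""
    host = hostname_of(url_or_host)
    return any(host == d or host.endswith("." + d) for d in blocklist)


def is_lookalike(url_or_host: str, brand: str = "crowdstrike", legit: str = LEGIT_DOMAIN) -> bool:
    """Flag hosts that contain the brand name but are not under the vendor's real domain.

    This catches new lookalikes that are not yet on the published list.
    """
    host = hostname_of(url_or_host)
    under_legit = host == legit or host.endswith("." + legit)
    return brand in host and not under_legit


def triage(log_lines, blocklist):
    """Return (verdict, host) for each 'timestamp client url' proxy log line."""
    results = []
    for line in log_lines:
        url = line.split()[-1]
        host = hostname_of(url)
        if is_blocked(url, blocklist):
            verdict = "BLOCK"   # listed indicator or subdomain of one
        elif is_lookalike(url):
            verdict = "REVIEW"  # brand lookalike not on the published list
        else:
            verdict = "ALLOW"
        results.append((verdict, host))
    return results


# Constructed proxy log lines for the demo (the fourth domain is invented, not a real indicator).
SAMPLE_LOG = [
    "2024-07-20T09:12:01Z 10.0.0.5 http://crowdstrikeoutage.info/recovery.exe",
    "2024-07-20T09:13:44Z 10.0.0.7 https://update.crowdstrike0day.com/fix.zip",
    "2024-07-20T09:15:10Z 10.0.0.9 https://falcon.crowdstrike.com/",
    "2024-07-20T09:16:30Z 10.0.0.9 https://crowdstrike-bsod-fix.net/tool",
]

if __name__ == "__main__":
    bl = build_blocklist(DEFANGED_INDICATORS)
    for verdict, host in triage(SAMPLE_LOG, bl):
        print(f"{verdict:6} {host}")
```

Suffix matching on the dot boundary matters: a plain substring check would also flag unrelated hosts that merely contain a listed name, while the subdomain check still catches `update.crowdstrike0day.com` even though only the `www` host was published.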


CERT-In added, “Look out for valid encryption certificates by checking for the green lock in the browser’s address bar, before providing any sensitive information such as personal particulars or account login details.” A valid certificate only confirms that the connection is encrypted, not that the site is genuine; phishing sites routinely obtain one, so the domain name shown in the address bar still needs to be checked.