Cybersecurity experts and agencies worldwide are alerting the public about a wave of opportunistic hacking attempts linked to the recent IT outage.
Although there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are attempting to take advantage of the situation.
Cyber agencies in the UK and Australia are warning people to be vigilant about fake emails, calls, and websites posing as official sources. CrowdStrike’s CEO, George Kurtz, encouraged users to ensure they are communicating with official company representatives before downloading fixes.
“We know that adversaries and bad actors will try to exploit events like this,” he stated in a blog post. “Our blog and technical support will continue to be the official channels for the latest updates.”
His sentiments were echoed by cybersecurity expert Troy Hunt, who runs the well-known Have I Been Pwned security website. “An incident like this that has commanded so many headlines and has people worried is a gift to scammers,” he said.
Hunt was responding to a warning from the Australian Signals Directorate (ASD), which issued an alert about hackers sending out bogus software fixes claiming to be from CrowdStrike. “Alert! We understand a number of malicious websites and unofficial code are being released claiming to help entities recover,” the notice reads. The agency urges IT responders to only use CrowdStrike’s website for information and assistance.
This warning follows calls from the UK’s National Cyber Security Centre (NCSC) on Friday for people to be hyper-vigilant about suspicious emails or calls pretending to be from CrowdStrike or Microsoft. “An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation,” the agency said.
Whenever there is a major news event, especially one linked to technology, hackers respond by adjusting their methods to exploit fear and uncertainty. Similar tactics were observed during the Covid-19 pandemic, when hackers adapted their phishing emails to offer information about the virus, or even claimed to have an antidote, in order to hack individuals and organizations.
Because the IT outage is a global news story, hackers are capitalizing on the situation. According to researchers at Secureworks, there has been a sharp rise in CrowdStrike-themed domain registrations: hackers are creating new websites designed to look official in order to trick IT managers or the public into downloading malicious software or providing private details.
The advice is primarily for IT managers working to get their organizations back online, but individuals may also be targeted. Experts warn everyone to be cautious and only act on information from official CrowdStrike channels.