Winsage
July 28, 2024
A surge of cybercriminal activity has followed the CrowdStrike outage, leading to an increase in social engineering attacks targeting the vendor's clients. National cybersecurity agencies in the US, UK, Canada, and Australia have reported a rise in phishing attempts, with daily attacks ranging from 150 to 300, significantly higher than typical volumes. Cybercriminals are exploiting the outage by impersonating CrowdStrike and offering technical support, targeting organizations directly affected by the incident. Over 2,000 phishing and typosquatting domains related to CrowdStrike have been registered, which may be used for malware distribution. Specific attacks have included a ZIP file containing HijackLoader and a phishing email with a malicious PDF attachment that installed a wiper. Organizations are advised to enhance their defenses by using blocklists and protective DNS tools and to seek support only from official CrowdStrike channels.
