The outages caused by cybersecurity giant CrowdStrike have brought travel and business to a standstill around the world, but as much of the world slowly comes back online, malicious actors are also looking to exploit the situation for their own profit.
The U.S. cybersecurity agency CISA said in a statement on Friday that while the CrowdStrike outage was not linked to a cyberattack or malicious activity, “we have observed threat actors leveraging the incident for phishing and other malicious activity.”
CISA warned people to “avoid clicking on phishing emails or suspicious links” that could lead to email compromise or other scams.
It's not uncommon for bad actors to take advantage of chaotic situations to launch cyber attacks, especially with campaigns that are easy to create and quickly customize, like email or text phishing.
One security researcher at X (formerly Twitter) said that bad actors have already been sending phishing emails using various domains impersonating CrowdStrike. One of the emails posted falsely claimed that they could “fix CrowdStrike's doomsday” if recipients paid a fee worth hundreds of euros to a random cryptocurrency wallet.
In reality, the only effective fix is to either repeatedly reboot the affected computers and hope they stay on long enough for the newly fixed update to be downloaded and installed, or manually delete the faulty files from all the computers that no longer work.
Rachel Toback, a social engineering expert and founder and president of cybersecurity firm Social Proof Security, said in a series of X posts that criminals would use the outage as cover to trick victims into handing over passwords and other sensitive codes.
“Remember, before you take any sensitive action, you need to make sure the person you're talking to is who they say they are,” Toback said.
A flawed software update released by CrowdStrike crashed countless Windows computers running the company's antimalware and security software early Friday morning. CrowdStrike said the bug had been fixed but warned that the need to manually repair each affected computer could lead to lengthy outages.
CISA said it is “working closely with CrowdStrike and our federal, state, local, tribal and territorial partners” to assist with the fixes, as well as with critical infrastructure and international partners.