As efforts to recover from the CrowdStrike incident on Friday, July 19 continue, cyber criminals and scammers are taking advantage of the situation. They have created over 180 malicious domains associated with CrowdStrike’s branding, targeting sectors such as charities, non-profit organizations, and education providers. These malicious websites offer fake information or solutions related to the incident, often using keywords that people may be searching for.
Web security specialist Akamai has identified these malicious domains, warning that they may appear legitimate due to their use of common keywords and the .com TLD. These sites may use SSL validation and other security measures to appear authentic, and may even redirect users to the real CrowdStrike website at some point. Some of the more sophisticated scams have failover and obfuscation mechanisms, making them harder to detect.
To avoid falling victim to these scams, individuals are advised to check for indicators of ill intent, such as requesting sensitive information or offering help via email. It is recommended to follow advice and remediation steps only from credible sources like CrowdStrike or Microsoft. Security professionals can also block known indicators of compromise and perform adversary emulation to strengthen their defenses.
The CrowdStrike incident is not linked to a zero-day vulnerability, but cyber criminals may still find ways to exploit it to drop ransomware. As attackers become more sophisticated, it is important for individuals and organizations to stay vigilant and only trust information from reliable sources to protect themselves from falling victim to phishing campaigns.