CrowdStrike users facing phishing attacks to plant malware: CERT-In

The world suffered a major computer system outage on July 19 due to a faulty update to the CrowdStrike Falcon Sensor software

Updated - July 28, 2024 10:25 pm IST - New Delhi

In this photo illustration, the CrowdStrike logo is displayed on a cell phone and computer monitor on July 19, 2024 in Los Angeles. Photo: Getty Images via AFP

The Indian cyber security agency CERT-In has said users impacted by the recent global computer outage are being targeted with phishing attacks. Fraudsters impersonating CrowdStrike support staff are offering to help them with system recovery tools and using the opportunity to install malware.

According to a CERT-In advisory issued on Saturday, these attacks could “entice an unsuspecting user to install unidentified malware, which could lead to data leakage and crashes.” The world suffered a major computer system outage on July 19 due to a faulty update to the CrowdStrike Falcon Sensor software, leading to a crash of the Microsoft Windows operating system. The event grounded numerous flights and hit business, banking, and hospital systems across the globe.

Systems have now recovered, with CrowdStrike and Microsoft having released official fixes.

Trojan malware

The attackers sell software scripts purporting to automate recovery, CERT-In said. The phishing attackers are also distributing "Trojan" malware, which they are calling recovery tools, CERT-In said.

A phishing attack is the fraudulent practice of impersonating reputed and official names and identities through email, text messages, or phone calls to trick the victim into sharing sensitive personal information like banking and credit card details and login or identity information.

CERT-In is the federal technology agency that combats cyber-attacks and guards the online space against phishing and hacking attempts and other cyber-attacks.

The advisory asked users and organisations to configure firewalls to block 31 types of URLs, such as 'crowdstrikeoutage[.]info' and 'www.crowdstrike0day[.]com', as well as a number of file hashes.
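Indicators in advisories like this one are published "defanged" (with `[.]` in place of `.`) so they cannot be clicked by accident; before they can be used in a blocklist they have to be refanged and matched so that subdomains of a blocked domain are caught too. The following is an added example, not code from the advisory or from The Hindu: it refangs the two domains quoted above, checks hostnames and URLs against them, scans a few constructed proxy log lines, and compares a file's SHA-256 against a blocked-hash list (the log format and the hash values are assumptions).

```python
import hashlib
import re
from urllib.parse import urlparse

# The two defanged domains quoted from the advisory; the remaining
# indicators and hashes are not reproduced on the page.
DEFANGED_INDICATORS = ["crowdstrikeoutage[.]info", "www.crowdstrike0day[.]com"]


def refang(indicator: str) -> str:
    """Turn defanged notation ('[.]', '(.)', 'hxxp://') into a plain hostname."""
    host = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    host = re.sub(r"^hxxps?://", "", host)
    return host.split("/")[0].rstrip(".")


def build_blocklist(indicators) -> set:
    return {refang(i) for i in indicators}


def host_is_blocked(host: str, blocklist: set) -> bool:
    """True if the host is a blocked domain or a subdomain of one."""
    parts = host.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def url_is_blocked(url: str, blocklist: set) -> bool:
    """Extract the hostname from a (possibly defanged) URL and check it."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    return host_is_blocked(urlparse(url).hostname or "", blocklist)


def scan_proxy_log(lines, blocklist: set):
    """Return (line_no, url) for each request to a blocked domain.
    Assumes a constructed 'timestamp client url' line format."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) >= 3 and url_is_blocked(fields[2], blocklist):
            hits.append((n, fields[2]))
    return hits


def file_hash_is_blocked(data: bytes, blocked_sha256) -> bool:
    """Compare a file's SHA-256 with the advisory's blocked hashes."""
    return hashlib.sha256(data).hexdigest() in {h.lower() for h in blocked_sha256}


# Constructed sample data: three proxy log lines and one "recovery tool" file.
SAMPLE_LOG = [
    "2024-07-22T09:14:03Z 10.0.0.5 http://crowdstrikeoutage.info/recovery_tool.exe",
    "2024-07-22T09:15:11Z 10.0.0.7 https://www.crowdstrike.com/blog/",
    "2024-07-22T09:16:40Z 10.0.0.9 https://cdn.www.crowdstrike0day.com/fix.zip",
]
CONSTRUCTED_SAMPLE = b"constructed fake recovery tool"
CONSTRUCTED_BLOCKED_SHA256 = [hashlib.sha256(CONSTRUCTED_SAMPLE).hexdigest()]
```

Note that only `www.crowdstrike0day[.]com` is listed, so a request to the bare `crowdstrike0day.com` would not match; that is a property of the published indicator, not of the matcher.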

Cyber hygiene

The advisory asked users to deploy trusted cyber hygiene practices: to obtain software patch updates from authentic websites and sources; to avoid clicking documents with links to ".exe," as they are almost certainly malicious files disguised as legitimate documents; and to be cautious of suspicious phone numbers, as scammers often mask their identity by using email-to-text services to conceal their actual phone number.

It also suggested users only click URLs that have clear website domains and use safe browsing and filtering tools, apart from appropriate firewalls.

"Look out for valid encryption certificates by checking for the green lock in the browser's address bar, before providing any sensitive information, such as personal particulars or account login details," it said.
