[ad_1]
Cybersecurity experts and agencies around the world are warning that the information technology outage could lead to a series of opportunistic hacker attacks.
While there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are trying to take advantage of it.
Cyber agencies in the UK and Australia have warned people to be wary of fake emails, phone calls and websites posing as official ones.
CrowdStrike head George Kurtz encouraged users to always speak with an official representative of the company before downloading the fix.
“We know adversaries and bad actors will try to exploit events like this,” he said in a blog post.
“Our blog and technical support will continue to be the official channels for the latest updates.”
His words were echoed by Troy Hunt, a cybersecurity expert at the well-known security website Have I Been Pwned.
“With incidents like this dominating so many headlines, people are concerned it’s a gift to scammers,” he said.
Mr Hunt was responding to a warning from the Australian Signals Directorate, or ASD, the equivalent of Britain’s GCHQ or the US’s NSA, about hackers sending out fake software fixes claiming to be from CrowdStrike.
“Warning! We are aware that some malicious websites and unofficial code are being released claiming to help entity recovery,” the notice reads.
The agency urged IT responders to use only CrowdStrike’s website for information and assistance.
The ASD’s warning comes after the UK’s National Cyber Security Centre (NCSC) on Friday urged people to be on high alert for suspicious emails or phone calls posing as help from CrowdStrike or Microsoft.
“We have seen an increase in phishing activity related to this outage as opportunistic malicious actors seek to exploit the situation,” the agency said.
Whenever there’s a major news event, especially one related to technology, hackers adapt their existing methods to deal with the fear and uncertainty.
We’ve seen the same thing during the COVID-19 pandemic, as hackers have adapted their phishing email attacks to target individuals and organizations, offering information about the virus or even pretending to have an antidote.
As this IT outage made global news, we saw hackers taking advantage of the opportunity.
Secureworks researchers say there has been a sharp rise in CrowdStrike-themed domain name registrations — where hackers register new websites that appear official and could trick IT managers or the public into downloading malware or handing over private details.
This advice is primarily for IT managers who were impacted by this incident and are trying to get their organization back online.
But individuals could also be targeted, so experts warn to proceed with caution and only act on information from official CrowdStrike channels. (BBC News)
[ad_2]
Source link
