As if firms hit by the recent massive IT outage don’t already have enough to deal with, they’re now being warned to be wary of scammers and hackers looking to take advantage of the situation.
The global incident kicked off when an update for Windows hosts that contained an error was rolled out by Texas-based cybersecurity firm CrowdStrike. The ensuing chaos impacted important services around the world, with sectors such as travel, banking, retail, and health care all suffering major disruption late Thursday and into Friday.
In a blog post on Friday, CrowdStrike CEO George Kurtz warned that “adversaries and bad actors will try to exploit events like this.”
Kurtz continued: “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
The following day, CrowdStrike revealed that threat actors were attempting to leverage the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads Remcos, which grants an attacker control of an infected computer.
In a follow-up post on Sunday, the company again warned that customers should “verify they are communicating with CrowdStrike representatives through official channels.”
America’s Cybersecurity and Infrastructure Security Agency (CISA) commented on Sunday that “cyberthreat actors continue to leverage the outage to conduct malicious activity, including phishing attempts.” The agency is continuing to work closely with CrowdStrike and other private sector and government partners to actively monitor any emerging malicious activity, it said.
It’s also possible that, because the IT outage was so huge and gained such widespread coverage, even computer users who have nothing to do with CrowdStrike could be tricked into believing they need to install an “essential update” to ensure their PC doesn’t experience any issues going forward. With that in mind, now is the time to be extra vigilant when dealing with emails and messages, especially if they’re trying to get you to download something or click on a link.
