The Indian cybersecurity agency CERT-In has warned that users affected by the recent global computer outage are being targeted with phishing attacks. Cybercriminals posing as CrowdStrike support staff are offering assistance with system recovery tools but are actually using this opportunity to install malware.
According to a CERT-In advisory issued on Saturday, these attacks can “entice an unsuspecting user to install unidentified malware, which could lead to data leakage and crashes.” The global computer system outage on July 19 was caused by a faulty update to the CrowdStrike Falcon Sensor software, resulting in a crash of the Microsoft Windows operating system. This event grounded numerous flights and disrupted business, banking, and hospital systems worldwide.
According to CERT-In, the attackers are selling software scripts that supposedly automate recovery and are also distributing Trojan malware disguised as recovery tools.
Phishing is the fraudulent practice of impersonating reputable and official entities through email, text messages, or phone calls to trick victims into sharing sensitive personal information, such as banking and credit card details or login credentials.
CERT-In, the federal technology agency responsible for combating cyber-attacks and protecting the online space from phishing, hacking, and other cyber threats, has advised users and organizations to configure firewalls to block 31 types of URLs, including ‘crowdstrikeoutage[.]info’ and ‘www.crowdstrike0day[.]com’, among others, as well as a number of hashes.
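One way to act on that blocking advice is to also check existing proxy logs for requests to the listed domains. The sketch below is an added example, not part of the CERT-In advisory: it converts the two defanged indicators quoted above into hostnames and matches them on label boundaries so look-alike and legitimate names are not flagged. The log format, client addresses and sample lines are constructed, and matching the parent domain of a `www.` indicator is an assumption.

```python
import re
from urllib.parse import urlsplit

# The two indicators quoted in the article, kept in their defanged form.
DEFANGED = ["crowdstrikeoutage[.]info", "www.crowdstrike0day[.]com"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator into a plain lowercase hostname."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s)
    if "://" in s:
        s = urlsplit(s).hostname or ""
    return s.rstrip(".")

def build_blocklist(indicators):
    # Assumption: drop a leading "www." so the parent name and its subdomains match.
    return {re.sub(r"^www\.", "", refang(i)) for i in indicators}

def is_blocked(host: str, blocklist) -> bool:
    """Match exactly or on a label boundary, never on a raw substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)

def flag_requests(log_lines, blocklist):
    """Return (client, host) for each log line whose URL host is blocklisted."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        parsed = urlsplit(url if "://" in url else "//" + url)
        host = (parsed.hostname or "").rstrip(".")
        if is_blocked(host, blocklist):
            hits.append((client, host))
    return hits

# Constructed sample lines (timestamp, client IP, method, URL); not real traffic.
SAMPLE_LOG = [
    "2024-07-20T09:14:02Z 10.0.4.17 GET http://crowdstrikeoutage.info/",
    "2024-07-20T09:15:40Z 10.0.4.23 CONNECT www.crowdstrike0day.com:443",
    "2024-07-20T09:16:11Z 10.0.4.23 GET https://www.crowdstrike.com/blog/",
    "2024-07-20T09:17:55Z 10.0.5.9 GET http://cdn.CrowdStrikeOutage.info./",
    "2024-07-20T09:18:30Z 10.0.5.9 GET http://notcrowdstrikeoutage.info/",
]

if __name__ == "__main__":
    for client, host in flag_requests(SAMPLE_LOG, build_blocklist(DEFANGED)):
        print(f"{client} requested blocklisted host {host}")
```

A hit in historical logs identifies a client that reached one of the domains before the block was in place and is worth checking for the fake recovery tools described above.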