I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called “CEE”. As in Company Extinction Event.
Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos.
Numerous websites have surfaced, promising help to those affected by the outage. Names like crowdstriketoken[.]com, crowdstrikedown[.]site, crowdstrikefix[.]com, were identified by a UK-based cybersecurity researcher specializing in credential phishing.
These new domains were registered and designed in record time to lure in people desperate to restore their systems. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential victims.
According to the researcher, several sites were still under construction, including crowdstrike-helpdesk[.]com, and crowdstrikeclaim[.]com. Bloomberg reported that he began monitoring the situation around midday in the UK and discovered new domains registered as early as 4:12 a.m. EDT, totaling 28 sites so far.
NOTE: the fix is to boot into the Windows “safe mode,” delete the offending file—called C-00000291*.sys—and reboot.
The US Cybersecurity and Infrastructure Security Agency (CISA) has already observed threat actors exploiting this incident for phishing and other malicious activities. They urge people to avoid clicking on suspicious links.
George Kurtz, CEO of CrowdStrike, said: “Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.”
I know George and I’m sure that CrowdStrike will survive this. But it sure is a massive headache for customers. He said: “We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
Exactly. Warn your users to not get lured onto a scam site and download a fake update.
FULL DISCLOSURE: It is exceedingly rare that I buy individual stocks, but on 7/29/2024 I bought CRWD “on the dip”.