CERT-In warns of phishing campaign targeting CrowdStrike users after Microsoft outage: How to stay safe online

After the Microsoft outage on July 19, a global crisis struck Windows users, disrupting critical services like airports, banks, and telecommunications. This chaos stemmed from a defective update issued by CrowdStrike via its Falcon platform. The issue left Linux and Mac users unaffected.

Promptly, Microsoft and CrowdStrike identified the problem and released a fix. However, the aftermath has left CrowdStrike users vulnerable. The Indian government’s cybersecurity agency, CERT-In, has alerted the public to a phishing campaign exploiting this vulnerability.

CERT-In's website states, "There are reports of an ongoing phishing campaign targeting CrowdStrike users leveraging this issue."

The agency detailed several tactics used in the phishing attack, including fraudulent emails posing as CrowdStrike support, phone calls impersonating CrowdStrike personnel, sale of fake software scripts claiming to automate recovery from the update issue, and the distribution of trojan malware disguised as recovery tools.

In essence, this phishing campaign deceives CrowdStrike users with fake emails and calls, bogus recovery software, and malicious malware posing as legitimate recovery tools.

CERT-In warns, “These attack campaigns could entice unsuspected users to install unidentified malware, leading to sensitive data leakage, system crashes, and data loss.”

To safeguard against this phishing campaign, follow these precautions:

1. Verify Communications: Always confirm the legitimacy of emails and calls purporting to be from CrowdStrike support by contacting CrowdStrike directly through official channels.
2. Avoid Unverified Software: Refrain from downloading or installing software scripts or tools unless they are verified and sourced directly from CrowdStrike.
3. Verify official updates: Use updates and recovery tools exclusively from CrowdStrike or Microsoft’s official channels.
4. Be Cautious of Links: Avoid clicking on links or downloading attachments from unsolicited emails or messages.
5. Utilize security software: Make sure your system is equipped with the latest antivirus and anti-malware programs.
6. Report Suspicious Activity: Report any suspicious communications or unusual activity to CrowdStrike and your cybersecurity team immediately.

By adhering to these steps, CrowdStrike users can better protect themselves from the ongoing phishing threat and ensure their systems remain secure.