AUSCERT issues critical warning over CrowdStrike outage 

Australian computer emergency response team AUSCERT has issued a ‘critical warning’ over cybercriminals exploiting the CrowdStrike outage. 

Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications, and there have also been incidents where cybercriminals impersonated CrowdStrike staff in phone calls, AUSCERT says.

CrowdStrike itself has also noted instances where cybercriminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. These actors have also offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem.

In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance.  

AUSCERT urged Australian users to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support. 

CrowdStrike has shared a list of domains impersonating CrowdStrike’s brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could potentially support future social-engineering operations. 

As CrowdStrike continues to restore full service functionality, AUSCERT says the incident serves as a ‘stark reminder’ of the evolving tactics used by cybercriminals.

Referencing the ‘swift and coordinated’ response from cybersecurity communities, AUSCERT says this highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors. 
