CrowdStrike Outage Spawns Targeted Phishing and Malware Attacks

CrowdStrike outage sparks wave of targeted phishing attacks

Cybercriminals are taking advantage of the recent CrowdStrike outage to launch social engineering attacks against the security vendor’s customers. National cybersecurity agencies in the US, UK, Canada, and Australia reported a surge in phishing activity following the event.

According to Luigi Lenguito, CEO of BforeAI, these post-CrowdStrike attacks are more voluminous and targeted than usual. “We’re seeing about 150 to 300 attacks per day,” he says. This is significantly higher than the typical spike in cyber threats seen after major news events.

The attackers are using various tactics, including masquerading as CrowdStrike or its competitors. They are also distributing malware, including ZIP archives that contain HijackLoader and Remcos RAT.

To protect themselves, organizations can use blocklists and protective DNS tools, and seek technical support only from authorized CrowdStrike channels. Alternatively, they can wait for the attacks to subside, as Lenguito notes that these campaigns typically last around two to three weeks.

Source: https://www.darkreading.com/threat-intelligence/crowdstrike-updates-malware-attacks-snowball