CrowdStrike has notified its customers that cybercriminals have launched spear phishing attacks on German users following the global internet outage caused by the cybersecurity company’s software update.
The criminals tricked users into downloading a phony CrowdStrike Crash Reporter. Once installed, the malicious software pretended to be a legitimate update while hackers conducted illicit activities in the background.
“Companies impacted by the flawed CrowdStrike content update for Windows devices must take additional measures to educate staff and support IT teams to ensure that everyone is informed about how CrowdStrike is addressing the issue,” said Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research. “Updates are being administered via manual updates at the terminal or machine level, not through automated updates that are sent via email.”
Targeted Attacks
CrowdStrike is highly confident that the attacks were specifically targeted at certain users because the victims were required to enter a password that is likely known only to them. Additionally, the attacks were executed through a spear phishing website that focused solely on German-speaking CrowdStrike customers affected by the software update.
The cybercriminals had a strong understanding of operational security practices, according to CrowdStrike. So far, the hackers have successfully thwarted the company’s efforts to identify them, which is not uncommon in phishing attacks.
Cybercriminals use advanced methods to impersonate company communications. Once a victim provides their credentials, the attackers often engage in fraudulent activities such as unauthorized credit card transactions, sending peer-to-peer payments through platforms like PayPal or Venmo, or modifying account information to confirm fund transfers.
Educating Consumers
CrowdStrike has advised its customers to only accept updates and technical support through official CrowdStrike channels. Users should also verify the legitimacy of sources before downloading any software. What’s more, the company recommends using download protection tools that can alert users to potentially harmful websites or downloads.
The global internet outage caused by CrowdStrike’s software update has revealed weaknesses in systems across nearly every industry. Unfortunately, many bad actors are ready to exploit these vulnerabilities.
“Cybercriminals will always take advantage of an opportunity to capitalize on a good phishing hook, and the CrowdStrike incident is no different,” Kitten said. “The same advice we would offer in the wake of any global noteworthy event holds true here. Think before you click, as with any malicious phishing campaign.”