https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers

In the wake of the major disruption caused by a faulty CrowdStrike update last week, cybercriminals are launching phishing and malware attacks targeting companies scrambling to fix their systems.

CrowdStrike Warns of Phishing Attempts:

CrowdStrike is urging users to be cautious and to communicate with the company only through official channels, as “adversaries and bad actors will try to exploit events like this.” Similar warnings were issued by the U.K.’s National Cyber Security Centre (NCSC) and the automated malware analysis platform AnyRun.

Fake CrowdStrike Updates Deliver Malware:

  • BBVA Bank Targeted: Researchers discovered a phishing campaign aimed at BBVA bank customers that offered a fake CrowdStrike Hotfix update that actually installed a remote access tool (RAT).
  • Data Wiper Masquerades as Update: Another campaign distributes a data wiper disguised as a CrowdStrike update. This malware erases files and reports its actions on Telegram. Claimed by the pro-Iranian hacktivist group Handala, the attack targeted Israeli companies.

CrowdStrike Outage Caused Widespread Disruption:

The faulty CrowdStrike update impacted millions of Windows devices, leading to computer crashes that disrupted operations at airlines, financial institutions, hospitals, and other organizations. While the update has been fixed, some companies are still struggling to recover their systems.

Security Experts Recommend Vigilance:

This incident highlights the importance of remaining vigilant during security incidents. Users should be wary of unsolicited emails or updates, and should interact with trusted vendors only through their official channels.