CrowdStrike users facing phishing attacks to plant malware: CERT-In

PTI | 07-29 00:10

The Indian cyber security agency CERT-In has said users impacted by the recent global computer outage are being targeted with phishing attacks. Fraudsters impersonating CrowdStrike support staff are offering to help them with system recovery tools and using the opportunity to install malware.

According to a CERT-In advisory issued on Saturday, these attacks could “entice an unsuspecting user to install unidentified malware, which could lead to data leakage and crashes.” The world suffered a major computer system outage on July 19 due to a faulty update to the CrowdStrike Falcon Sensor software, leading to a crash of the Microsoft Windows operating system. The event grounded numerous flights and hit business, banking, and hospital systems across the globe.

Systems have now recovered, with CrowdStrike and Microsoft releasing official fixes.

Trojan malware

The attackers sell software scripts purporting to automate recovery, CERT-In said. The phishing attackers are also distributing “Trojan” malware, which they are calling recovery tools, CERT-In said.

A phishing attack is the fraudulent practice of impersonating reputed and official names and identities through email, text messages, or phone calls to trick the victim into sharing sensitive personal information like banking and credit card details and login or identity information.

CERT-In is the federal technology agency that combats cyber-attacks and guards the online space against phishing and hacking attempts and other cyber-attacks.

The advisory asked users and organisations to configure firewalls to block 31 types of URLs, like 'crowdstrikeoutage[.]info' and 'www.crowdstrike0day[.]com' among others, apart from a number of hashes.

Cyber hygiene

The advisory asked users to deploy trusted cyber hygiene practices: to obtain software patch updates from authentic websites and sources; to avoid clicking documents with links to ".exe," as they are almost certainly malicious files disguised as legitimate documents; and to be cautious of suspicious phone numbers, as scammers often mask their identity by using email-to-text services to conceal their actual phone number.

It also suggested users only click URLs that have clear website domains and use safe browsing and filtering tools, apart from appropriate firewalls.

"Look out for valid encryption certificates by checking for the green lock in the browser's address bar, before providing any sensitive information, such as personal particulars or account login details," it said.
