CERT-In says global outage being leveraged to launch phishing attacks against CrowdStrike users


PTI, Jul 28, 2024, 3:56 PM IST

New Delhi: The Indian cyber security agency has said a phishing attack campaign has targeted users impacted by the recent global computer outage, with attackers impersonating CrowdStrike support staff to trick people by offering to help them with system recovery tools.

According to a CERT-In advisory issued on Saturday said, these attack campaigns could “entice an unsuspected user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data leak.”

The world suffered a major computer systems outage on July 19 due to a faulty update to the CrowdStrike Falcon Sensor software leading to crash of Microsoft Windows operating system. The event grounded numerous flights, hit business, banking and hospital systems across the globe including in India.

The systems have now recovered as both CrowdStrike and Microsoft released official fixes even as some organisations continue to recover from the mega technology meltdown.

It has been reported, the advisory said, that there are reports of an ongoing “phishing campaign” targeting CrowdStrike users leveraging this (global tech outage) issue to conduct “malicious” activities.

The attackers are sending phishing emails posing as CrowdStrike support to customers through phone calls. They sell software scripts purporting to automate recovery from the content update issue, it said.

The phishing attackers also are distributing ‘Trojan’ malware pretending as recovery tools and these attack campaigns could entice an unsuspected user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data loss, the CERT-In cautioned.

A phishing attack is defined as the fraudulent practice of impersonating reputed and official names and identities through email, text messages or phone calls to trick the victim into sharing personal sensitive information like banking and credit card details and login or identity information.

The CERT-In is the federal technology agency to combat cyber attacks and guard the online space against phishing and hacking attempts and other category of cyber attacks.

The advisory asked users and organisations to configure thier firewall rules to block connections against 31 types of URLs (uniform resource locators) like ‘crowdstrikeoutage[.]info’ and ‘www.crowdstrike0day[.]com’ among others apart from a number of hashes.

The advisory asked users to deploy some trusted and often-mentioned cyber hygiene practices like: obtaining software patch update from authentic websites and sources; avoiding to click a document with link to “.exe” as they are certainly a malicious file disguised as a legitimate document; and being cautious against suspicious phone numbers as scammers often mask their identity by using email-to-text services to conceal their actual phone number.

It also suggested users to only click URLs that have clear website domain and using safe browsing and filtering tools apart from appropriate firewalls.

“Look out for valid encryption certificates by checking for the green lock in the browser’s address bar, before providing any sensitive information such as personal particulars or account login details,” it said.

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Actress Kasthuri released from jail, says ‘I thank those who made me raging storm’

Kidnapped for ransom in 1998, 26/11 survivor Gautam Adani faces biggest trial

100 engineering colleges in Karnataka to be ‘adopted’ by corporates by next year: IT Minister Kharge

Siddaramaiah defends BPL ration card cancellation, says only ineligible beneficiaries affected

China announces new policy measures to protect its exports from Trump’s new tariff threat

Renovated Medical Oncology OPD and Chemotherapy Day Care Centre inaugurated at Kasturba Hospital, Manipal

Karnataka Health Minister justifies revision of user fees in state-run hospitals

Related Articles More

BTS2024: If India can make rocket sensors, it can also make car sensors, says ISRO chief Somanath

World COPD Day: Know your lung function

SpaceX successfully launches ISRO’s 4,700 kg communication satellite from US

As AI and megaplatforms take over, the hyperlinks that built the web may face extinction

Plastic waste could double by 2050, researchers find, suggest policies to address issue

MUST WATCH

Christmas Cake Fruit Mixing

DK Shivakumar

Rose Cultivation

Geethotsava

Naxal Operation


Latest Additions

Siddaramaiah says confident of winning all three bypolls in Karnataka

Hop on! IT Minister Priyank Kharge checks out Uber Shuttle at Bengaluru Tech Summit

Actress Kasthuri released from jail, says ‘I thank those who made me raging storm’

Kidnapped for ransom in 1998, 26/11 survivor Gautam Adani faces biggest trial

AIMPLB to hold its annual general sessions in Bengaluru from November 23

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.