In the wake of a massive global IT outage triggered by a defective CrowdStrike update for Windows hosts, firms face a second threat: scammers and hackers looking to exploit the confusion. The outage, which began on Thursday and continued into Friday, disrupted crucial services across travel, banking, retail, and healthcare.
CrowdStrike, the Texas-based cybersecurity firm responsible for releasing the update that caused the outage, has issued warnings about the potential for malicious activity. In a blog post, CEO George Kurtz stated, “Adversaries and bad actors will try to exploit events like this.” He urged users to be vigilant and only engage with official CrowdStrike representatives, highlighting the company’s blog and technical support as the official sources for updates.
CrowdStrike revealed that threat actors are attempting to leverage the outage by distributing a malicious ZIP archive named “crowdstrike-hotfix.zip”, presented as a fix for the outage. The archive contains a HijackLoader payload that, once executed, installs the RemCos remote access tool, giving attackers control over the infected computer. In a subsequent post, CrowdStrike reiterated the importance of verifying communication with its representatives through official channels.
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has also acknowledged the ongoing malicious activity related to the outage, stating that “cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts.” CISA is collaborating with CrowdStrike and other private and government partners to actively monitor for emerging threats.
The scale of the outage and its heavy media coverage mean that even ordinary computer users, not only IT staff, may be targeted: a lure claiming they must install an “essential update” to avoid further problems is plausible to someone who has just seen the headlines. No legitimate fix for the outage arrives as an emailed archive or as a download link in an unsolicited message, so treat any message that urges a download or a click, particularly one that references the outage, with suspicion and confirm it through a channel you already trust.
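The lure described above (a fake "hotfix" archive, sender and link domains that borrow the vendor's name, urgent "essential update" wording) can be turned into a simple triage rule for incoming mail. The script below is an added example written for this article, not code from CrowdStrike or CISA; the allowlist of official domains, the scoring weights, and the three sample messages are all constructed assumptions for illustration and should be replaced with your own vendor records before operational use.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sender/link domains treated as legitimate for vendor communications.
# ASSUMPTION for this example: only the vendor's primary domain and its
# subdomains are trusted. Verify against your own records before relying on it.
OFFICIAL_DOMAINS = {"crowdstrike.com"}

ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z", ".iso", ".img")
LURE_WORDS = ("hotfix", "fix", "patch", "update", "recovery", "repair")
URGENCY_PHRASES = ("essential update", "immediately", "urgent",
                   "within 24 hours", "prevent further")


@dataclass
class Message:
    sender: str                      # address from the From: header
    subject: str
    body: str
    attachments: List[str] = field(default_factory=list)


@dataclass
class Verdict:
    score: int
    reasons: List[str]


def domain_of(address: str) -> str:
    """Return the domain part of an e-mail address, lower-cased."""
    m = re.search(r"@([A-Za-z0-9.-]+)$", address.strip().lower())
    return m.group(1) if m else ""


def is_official(domain: str) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def impersonates_vendor(domain: str) -> bool:
    """True if a non-allowlisted domain borrows the vendor name, including
    common digit/letter substitutions and hyphenated variants."""
    if is_official(domain):
        return False
    # Fold look-alike characters (0->o, 1/l/|->i) and drop separators so that
    # "crowdstr1ke-support.com" and "crowdstrike-hotfix.com" both normalise
    # to a string containing "crowdstrike".
    folded = domain.translate(str.maketrans("01l|", "oiii"))
    folded = folded.replace("-", "").replace(".", "")
    return "crowdstrike" in folded


def extract_domains(text: str) -> set:
    """Hostnames of every http(s) URL in the text."""
    return {d.lower() for d in re.findall(r"https?://([A-Za-z0-9.-]+)", text)}


def triage(msg: Message) -> Verdict:
    reasons, score = [], 0
    sender_domain = domain_of(msg.sender)
    if impersonates_vendor(sender_domain):
        score += 3
        reasons.append(f"sender domain {sender_domain} impersonates the vendor")
    for d in sorted(extract_domains(msg.body)):
        if impersonates_vendor(d):
            score += 2
            reasons.append(f"link to look-alike domain {d}")
    for name in msg.attachments:
        lname = name.lower()
        if lname.endswith(ARCHIVE_EXTENSIONS) and any(w in lname for w in LURE_WORDS):
            score += 4
            reasons.append(f"archive attachment named like a fix: {name}")
    text = (msg.subject + " " + msg.body).lower()
    if any(p in text for p in URGENCY_PHRASES) and any(w in text for w in LURE_WORDS):
        score += 1
        reasons.append("urgent language paired with an update/fix request")
    return Verdict(score, reasons)


def classify(msg: Message, threshold: int = 3):
    v = triage(msg)
    return ("suspicious" if v.score >= threshold else "benign"), v


# Constructed sample messages (not real captured mail).
SAMPLES = {
    "lure": Message(
        sender="support@crowdstrike-hotfix.com",
        subject="Essential update for affected Windows hosts",
        body="Apply the attached essential update immediately to prevent further outages.",
        attachments=["crowdstrike-hotfix.zip"],
    ),
    "legit": Message(
        sender="noreply@crowdstrike.com",
        subject="Remediation guidance",
        body="Guidance for the Windows host issue is published at https://www.crowdstrike.com/ and via the support portal.",
    ),
    "link_lure": Message(
        sender="helpdesk@example.net",
        subject="Action required: outage fix",
        body="Our IT team asks you to download the fix from https://crowdstr1ke-support.com/fix immediately.",
    ),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        label, verdict = classify(msg)
        print(f"{name}: {label} (score {verdict.score})")
        for r in verdict.reasons:
            print("   -", r)
```

The score is additive so that a single weak signal (urgent wording alone) does not flag legitimate vendor mail, while any one strong signal (a "hotfix" archive attachment, or a sender domain that merely contains the vendor's name) is enough to quarantine the message for a human to check through a known-good channel.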
In this heightened security environment, remaining vigilant and prioritizing communication through verified channels is crucial to protect against opportunistic attacks.