Cyber-security experts and agencies worldwide are cautioning individuals about a wave of hacking attempts related to the recent IT outage affecting CrowdStrike. While there is no evidence of malicious activity causing the outage, opportunistic bad actors are trying to exploit the situation by sending fake emails, calls, and websites posing as official sources. CrowdStrike head George Kurtz advises users to verify the legitimacy of representatives before downloading any fixes, emphasizing that the company’s blog and technical support are the only official channels for updates.
Cybersecurity expert Troy Hunt notes that incidents like this create opportunities for scammers, echoing warnings from agencies like the Australian Signals Directorate (ASD) and the UK’s National Cyber Security Centre (NCSC) to only use the official CrowdStrike website for information and help. Both agencies are alerting IT responders and individuals to be cautious of phishing attempts and unauthorized software claiming to assist in recovery.
Hackers often exploit major news events to target individuals and organizations, as seen with the Covid-19 pandemic. Secureworks researchers have observed a surge in CrowdStrike-themed domain registrations, indicating efforts by hackers to deceive IT managers and the public into downloading malicious software or sharing personal information. While the primary advice is directed at IT managers working to restore operations, individuals should also remain vigilant and rely on official CrowdStrike channels for information to avoid falling victim to scams.
Source
Photo credit www.bbc.com