CERT-In Warns on Phishing Attacks Against CrowdStrike Users

The Indian cybersecurity agency CERT-In has issued a warning about phishing attacks targeting CrowdStrike users affected by a recent global computer outage. Fraudsters are impersonating CrowdStrike support staff, offering system recovery tools that install malware.

The phishing attacks follow a global system disruption on July 19, caused by a faulty update to the CrowdStrike Falcon Sensor software. This issue led to crashes in Microsoft Windows operating systems, affecting businesses, banking, and healthcare systems worldwide. Although CrowdStrike and Microsoft have since released official fixes, attackers are exploiting the situation by selling scripts claiming to automate recovery.

These phishing scams trick users into downloading Trojan malware disguised as recovery tools, potentially leading to data leaks and system crashes. Phishing attacks typically involve scammers posing as legitimate entities via email, text messages, or phone calls to steal sensitive information like banking details and login credentials.

CERT-In, the Indian federal agency dedicated to combating cyber-attacks, has advised users and organizations to configure firewalls to block 31 types of URLs, including 'crowdstrikeoutage[.]info' and 'www.crowdstrike0day[.]com', along with several malware-related hashes.

The agency also recommends following trusted cybersecurity practices: obtaining software updates from authentic sources, avoiding opening documents with ".exe" links, being wary of suspicious phone numbers, clicking only on clear and legitimate URLs, and using safe browsing and filtering tools alongside robust firewalls. These measures are crucial in safeguarding against the current phishing threats targeting CrowdStrike users.

"Ensure that websites have valid encryption certificates by checking for the green lock in the browser's address bar before entering sensitive information, such as personal details or account login information," the advisory adds.