On July 19, 2024, CrowdStrike, a cybersecurity company, released software containing a bug that caused system outages for Microsoft Windows users globally. The disruption caused many devices to display a blue screen and halted operations on 8.5 million devices.
In the wake of the outage, cyber attackers wasted no time in capitalizing on the situation. They began impersonating CrowdStrike support through phishing emails, aiming to deceive users and gain unauthorized access to sensitive information. These phishing emails were crafted to appear legitimate, using fake email addresses that closely resembled those of CrowdStrike support. The U.S. cybersecurity agency CISA said in a statement that organizations should prepare for phishing attacks.
This guide shows the most recent phishing emails that were found by HacWare's AI-driven mining technology and the 8 ways to prepare your team for future attacks.
Key Tactics Used by Attackers
Phishing Emails: Attackers sent emails from fake CrowdStrike support addresses, attempting to trick recipients into divulging sensitive information or clicking on malicious links. These emails will often bypass basic security checks, such as the Domain-based Message Authentication, Reporting, and Conformance (DMARC) check, which is designed to detect and prevent email spoofing.
Malicious Domains and Attachments: The phishing emails included links to domains that failed HacWare's email assessment. These domains were used for phishing websites and email campaigns, further exposing users to risk. Additionally, attackers attached zip files named "crowdstrike-hotfix.zip" to these emails, which, when opened, could take over the recipient's device.
Cryptocurrency Payment Requests: In a particularly audacious move, attackers requested cryptocurrency payments for purported outage fixes. This not only aimed to steal funds but also to create a sense of urgency and panic among recipients.
8 Ways to Respond
Communicate Directly with Support Teams: It's crucial to communicate directly with your local support team, CrowdStrike support, or Microsoft's support team rather than responding to unsolicited emails.
Inspect Email Addresses and URLs: Always scrutinize the sender's email address and any URLs provided in the emails. Look for discrepancies or signs of spoofing that could indicate a phishing attempt.
Avoid Unverified Attachments: Be cautious with email attachments, especially zip, PDF, or exe files from unknown sources. These could be designed to execute malicious code on your device.
Use DMARC Checkers: Use DMARC email checkers to identify emails that fail authentication checks and could be used in phishing attacks.
Avoid Payment Lures: Always scrutinize email messages for payment requests using cryptocurrency or gift cards.
Report Phishing Emails: Provide an easy way for users to report phishing emails.
Phishing Incident Response Plan: Develop a comprehensive phishing incident response plan to set team expectations and procedures for dealing with phishing attacks.
Security Awareness Training: Regularly inspect security awareness training reports and emphasize the importance of ongoing education for your team to combat future phishing attempts.
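The sender-address, attachment, DMARC and payment-lure checks from the list above, combined into one mailbox triage function. This is an added example, not HacWare's code or part of the original guide; the trusted-domain list, the 0.8 similarity threshold, the keyword pattern and the ".example" sender are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED = ("crowdstrike.com", "microsoft.com")  # assumption: vendors you really deal with
RISKY_EXT = (".zip", ".pdf", ".exe")            # attachment types named in the guide
LURE = re.compile(r"\b(bitcoin|btc|crypto\w*|wallet|gift cards?)\b", re.I)

def dmarc_result(msg):
    # Trust only the Authentication-Results header stamped by your own mail server.
    results = " ".join(map(str, msg.get_all("Authentication-Results", [])))
    m = re.search(r"\bdmarc=(\w+)", results, re.I)
    return m.group(1).lower() if m else "none"

def lookalike(domain):  # returns the trusted domain being imitated, or None
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return None
    for good in TRUSTED:
        brand = good.split(".")[0]
        if brand in domain or SequenceMatcher(None, domain, good).ratio() >= 0.8:
            return good
    return None

def triage(raw):  # raw RFC 5322 message text -> list of findings
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if (verdict := dmarc_result(msg)) != "pass":
        findings.append(f"dmarc={verdict}")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if good := lookalike(domain):
        findings.append(f"lookalike:{domain}~{good}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment:{name}")
    body = msg.get_body(preferencelist=("plain",))
    if body and LURE.search(body.get_content()):
        findings.append("payment-lure")
    return findings

def build_sample():  # constructed message for the demo, not a real capture
    m = EmailMessage()
    m["From"] = "CrowdStrike Support <support@crowdstrike-helpdesk.example>"
    m["Authentication-Results"] = "mx.example.org; dmarc=fail header.from=crowdstrike-helpdesk.example"
    m.set_content("Send 0.01 BTC to receive the outage fix today.")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="crowdstrike-hotfix.zip")
    return m.as_string()
```

Calling triage(build_sample()) returns all four findings, while a message from the real domain with dmarc=pass and no attachment returns an empty list.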
The CrowdStrike outage on July 19 served as a stark reminder of the ever-present threat posed by cybercriminals. By exploiting such incidents, attackers aim to take advantage of temporary vulnerabilities and human error. Staying vigilant and implementing robust security measures can help mitigate these risks and protect your organization from similar threats in the future.