CrowdStrike Updates Deliver Malware & More as Attacks Snowball

Published: 23/11/2024 | Category: security




The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted than the usual activity around national news stories.



Scam alert: Cybercriminals are using last week's CrowdStrike outage as a vehicle for social engineering attacks against the security vendor's customers.
In the hours after the event that grounded planes, shuttered stores, closed down medical facilities, and more, national cybersecurity agencies in the US, UK, Canada, and Australia all reported follow-on phishing activity by petty criminals. That much is to be expected after any national news event. But, says BforeAI CEO Luigi Lenguito, these post-CrowdStrike attacks are both more copious and more targeted than those typically seen after major media stories.
"For reference, in the attack last week on Trump, we saw a spike on the first day of 200 [related cyber threats] and then it flattened to 40, 50 a day," he says. "Here, you're looking at a spike that is three times as big. We're seeing about 150 to 300 attacks per day. I would say this is not the normal volume for news-related attacks."
"The philosophy is: We have these large corporations' users who are lost, because their computers cannot connect to the mothership, and now they're trying to get connected. It's a perfect opportunity for cybercriminals to get back into these networks," Lenguito explains.
This makes CrowdStrike-themed phishing attacks characteristically different from, say, Trump assassination-themed ones. They're much more targeted — aimed at organizations affected by the outage — and potential victims are more technically adept and educated in cybersecurity than your average bear.
To convince those people to let them in, attackers have been masquerading as either the company itself, related technical support, or competing companies with their own offerings.
The evidence lies in phishing and typosquatting domains registered in recent days, like crowdstrikefix[.]com, crowdstrikeupdate[.]com, and www.microsoftcrowdstrike[.]com. One security researcher identified more than 2,000 such domains that have been generated thus far.
These domains might be used to distribute malware, like the ZIP file pretending to be a hotfix which was uploaded to a malware scanning service last weekend. The ZIP contained HijackLoader (aka IDAT Loader), which in turn loaded the RemCos RAT. The file was first reported from Mexico, and it contained Spanish-language filenames, indicating that the campaign likely targeted CrowdStrike customers in Latin America.
In another case, attackers distributed a CrowdStrike-themed phishing email with a crudely designed PDF attachment. Inside the PDF was a link to download a ZIP attachment with an executable inside. Once launched, the executable asked the victim for permission to install an update. The update, though, was a wiper. The pro-Hamas hacktivist group Handala took responsibility, claiming that dozens of Israeli organizations had lost several terabytes of data as a result.
However the threats might arrive, Lenguito says, organizations can protect themselves by using blocklists and protective DNS tools, and by avoiding tech support from anywhere other than CrowdStrike's own website and customer service channels.
Or, perhaps, they can just wait it out. "We're still early, right? We'll probably see it taper over the coming weeks. Generally, what we see is these campaigns have a tendency to last two to three weeks," he says.
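As an added illustration of the blocklist and protective-DNS advice above (example code written for this page, not code from the article, CrowdStrike or BforeAI), the following Python script performs the kind of check such a layer makes against DNS query logs. It refangs the three defanged domains named in the article into a blocklist, treats only crowdstrike.com as the vendor's trusted domain (an assumption), and flags any query that hits a listed domain or that carries the brand name in a domain the vendor does not own. The log format and the log lines are constructed for the example.

```python
# Added example, not from the article: flag CrowdStrike-themed lookalike
# domains in DNS query logs, as a blocklist or protective-DNS layer would.
import re
from typing import List, Tuple

# Brand term that a lookalike domain is likely to carry.
BRAND_TERMS = ("crowdstrike",)

# Assumption: only the vendor's own registrable domain is trusted.
ALLOWLIST = {"crowdstrike.com"}

# The defanged domains named in the article; refang() restores the dots.
DEFANGED_BLOCKLIST = [
    "crowdstrikefix[.]com",
    "crowdstrikeupdate[.]com",
    "www.microsoftcrowdstrike[.]com",
]


def refang(domain: str) -> str:
    """Undo common defanging ("[.]" and "(.)") so the entry can be compared."""
    return domain.lower().replace("[.]", ".").replace("(.)", ".")


def registrable_domain(hostname: str) -> str:
    """Naive eTLD+1: keep the last two labels. Adequate for .com-style names;
    a real deployment would consult the public suffix list."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


BLOCKLIST = {registrable_domain(refang(d)) for d in DEFANGED_BLOCKLIST}


def classify(hostname: str) -> str:
    """Return 'allow', 'block' (known-bad domain) or 'suspect' (brand term
    inside a domain the vendor does not own)."""
    domain = registrable_domain(hostname)
    if domain in ALLOWLIST:
        return "allow"
    if domain in BLOCKLIST:
        return "block"
    if any(term in domain for term in BRAND_TERMS):
        return "suspect"
    return "allow"


# Constructed log format: "<timestamp> client=<ip> query=<name> type=<rrtype>"
LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, query, verdict) for every query that is not allowed."""
    findings = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue  # not a query record
        verdict = classify(match.group("query"))
        if verdict != "allow":
            findings.append((match.group("client"), match.group("query"), verdict))
    return findings


# Constructed sample log, not real telemetry.
SAMPLE_LOG = [
    "2024-07-22T09:00:01Z client=10.0.0.5 query=falcon.crowdstrike.com type=A",
    "2024-07-22T09:00:07Z client=10.0.0.5 query=crowdstrikefix.com type=A",
    "2024-07-22T09:00:09Z client=10.0.0.8 query=www.microsoftcrowdstrike.com type=A",
    "2024-07-22T09:00:12Z client=10.0.0.9 query=crowdstrike-support.net type=A",
    "2024-07-22T09:00:15Z client=10.0.0.9 query=example.com type=AAAA",
]

if __name__ == "__main__":
    for client, query, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict.upper():8}{client:12}{query}")
```

The "suspect" verdict is the useful one operationally: the article's blocklist covers three domains, but the researcher cited counts more than 2,000, so matching on the brand term outside the allowlist catches registrations the list has not yet caught up with. Subdomains of crowdstrike.com itself pass, which is why the comparison is made on the registrable domain rather than the full hostname.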
