Scammers take advantage of CrowdStrike confusion
Phishing emails and calls purportedly from CrowdStrike staff were detected in the wake of last week’s widespread Windows system outages, and CrowdStrike published a list of rogue domains to warn users.
CrowdStrike also warned of scammers posing as cybersecurity researchers who offer support to individuals and businesses and claim that the widespread outages were the result of a cyberattack.
AUSCERT warned that fraudsters hope the urgency of getting systems back up and running will inhibit critical thinking, increasing their chances of successful exploitation.
AUSCERT recommends that users be vigilant, verify the authenticity of any communication they receive and only obtain information from official channels.
CrowdStrike has published a list of domains impersonating its brand, although not all of them are necessarily used to deliver malicious content. According to a CrowdStrike blog, the following domains have been detected:
The warnings come as CrowdStrike chief security officer and former FBI agent Shawn Henry issued a statement regarding the company’s Falcon update, accepting responsibility for the outages.
“However, on Friday we failed. The last two days have been the most challenging 48 hours for me in over 12 years. The confidence we built from drips over the years was lost in buckets in a matter of hours, and it was a punch in the gut.
“But this pales in comparison to the pain we have caused our customers and partners. We let down the very people we were committed to protecting, and to say we are devastated is an understatement.
“I and the entire company take it personally. Thousands of our team members have been working 24/7 to fully restore our customers’ systems. The days have been long and the nights short, and that will continue for the foreseeable future. But that is part of the promise we made to all of you when you put your trust and protection in our hands.”