July 25, 2024 at 04:56PM
Cybercriminals are using last week’s CrowdStrike outage to launch social engineering attacks on the security vendor’s customers. These targeted phishing activities are more copious and focused than typical news-related attacks. The attackers masquerade as the company itself, technical support, or rival companies to gain access to affected organizations. They also use typosquatting domains to distribute malware. Organizations can protect themselves using blocklists and avoiding tech support from unauthorized sources.
Based on the meeting notes, the key takeaways are:
– Cybercriminals are leveraging the recent CrowdStrike outage to conduct targeted social engineering attacks against the vendor’s customers.
– The phishing attacks related to CrowdStrike are more numerous and tailored compared to those following major media events.
– The attacks are specifically focused on organizations affected by the outage, with potential victims being more knowledgeable in cybersecurity.
– Attackers are using domains such as crowdstrikefix[.]com and crowdstrikeupdate[.]com, as well as distributing malware through fake attachments and updates.
– The attacks may last for a few weeks, and organizations can protect themselves using blocklists, protective DNS tools, and by seeking technical support only from CrowdStrike’s official channels.
These takeaways highlight the sophisticated and targeted nature of the cyber threats, as well as potential measures for organizations to protect themselves.