Companies suffering from the CrowdStrike patching fiasco should be careful with their emails , as cybercriminals are taking advantage of the situation to push malware, experts have warned.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning concerning an ongoing phishing campaign, telling users to “avoid clicking on phishing emails or suspicious links.”
CISA says it has already observed multiple campaigns in which crooks either impersonated CrowdStrike, or presented themselves as IT pros capable of quickly fixing the problem. In at least one of such emails, the fraudsters asked for money in cryptocurrencies, in exchange for a fix.
Phishing attacks
A seperate warning from AnyRun highlighted a malware campaign targeting BBVA bank customers offering a fake CrowdStrike Hotfix update that actually installs the Remcos remote access tool (RAT).
Many organizations around the world were forced to pause their operations, either partly, or entirely, due to a faulty CrowdStrike patch that bricked their Windows PCs.
Banks, airlines, TV broadcasters, and many other organizations all over the world faced the dreaded Blue Screen of Death, and started scrambling for a solution.
Apparently, the best way to fix the issue is either to delete the faulty file via Safe Mode, or to keep the Windows device running long enough for the fix for the patch to download and install.
In the meantime, cybercriminals jumped at the opportunity to use this global event for personal gain.
One thing that’s in common for virtually all phishing emails is that they carry a sense of urgency with them, and in that regard – events such as this one are ideal. In the past, security researchers have observed hackers abusing sports events such as the Olympic Games, FIFA World Cup, Super Bowl, and others, to trick people into downloading malware, by promising affordable tickets for the events, if they hurry and buy them.
Via BleepingComputer
