Businesses affected by the CrowdStrike patch debacle should be careful with their emails as cybercriminals are taking advantage of the situation to spread malware, experts warn.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an ongoing phishing campaign, urging users to “not click on phishing emails or suspicious links.”
CISA says it has observed multiple campaigns in which scammers have impersonated CrowdStrike or posed as IT professionals who could quickly resolve the issue. In at least one of those emails, the scammers asked for cryptocurrency in exchange for a fix.
Phishing attacks
A separate warning from AnyRun exposed a malware campaign targeting BBVA bank customers, offering a fake CrowdStrike Hotfix update that actually installs the Remcos remote access tool (RAT).
Many organizations around the world were forced to partially or completely shut down their operations due to a faulty CrowdStrike patch that rendered their Windows PCs unusable.
Banks, airlines, TV channels and many other organizations around the world were faced with the dreaded Blue Screen of Death and started looking for a solution.
Apparently the best way to fix the problem is to delete the faulty file via Safe Mode or leave the Windows machine turned on long enough for the patch to download and install.
Meanwhile, cybercriminals seized the opportunity to use this global event for personal gain.
One thing that almost all phishing emails have in common is that they convey a sense of urgency, and events like this are ideal in that regard. In the past, security researchers have seen hackers take advantage of sporting events like the Olympics, the World Cup, the Super Bowl, and others to trick people into downloading malware by promising them cheap tickets to the events if they rushed to buy them.
Via BleepingComputer