Microsoft Windows suffered a worldwide outage due to a faulty update to the CrowdStrike Falcon Sensor software. This resulted in crashes of the Microsoft Windows operating system, impacting flights, businesses, banking and hospital systems across the globe.
What the CERT-In advisory says
In its advisory, CERT-In states that there are reports of an ongoing phishing campaign targeting CrowdStrike users, leveraging the global tech outage to conduct malicious activities. These include sending phishing emails to customers posing as CrowdStrike support, impersonating CrowdStrike staff in phone calls, and selling software scripts purporting to automate recovery from the content update issue, among others.
The advisory further states that scammers are using this issue to distribute trojan malware disguised as recovery tools. These attack campaigns, it says, could entice an unsuspecting user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data loss.
Further, CERT-In lists URLs that organizations may consider configuring their firewall rules to block connections to.