CrowdStrike Update Glitch Exploited by Threat Actors

Threat actors have capitalized on the widespread business disruption caused by CrowdStrike’s faulty update on Friday, targeting companies with data wipers and remote access tools. As businesses seek assistance to fix affected Windows hosts, researchers and government agencies have noted a surge in phishing emails attempting to exploit the situation.

In response, CrowdStrike is actively assisting impacted customers and advising them to confirm that they are communicating with legitimate representatives through official channels, so that they do not fall victim to adversaries. The UK’s National Cyber Security Centre (NCSC) has also warned of an increase in phishing messages taking advantage of the outage.

Malicious actors have taken advantage of the CrowdStrike incident to distribute malware such as HijackLoader and a data wiper, disguising them as legitimate updates from CrowdStrike. This exploitation has led to significant disruptions, with millions of Windows hosts affected and various organizations experiencing crashes and operational disturbances.

CrowdStrike has identified the cause of the outage and provided instructions for affected companies to recover their systems. Despite efforts to rectify the issue, the impact of the faulty update has been substantial, causing disruptions across multiple sectors.

As the situation continues to unfold, companies are urged to remain vigilant and follow official guidance to mitigate the impact of this cybersecurity incident.

Original story: https://www.bleepingcomputer.com/news/security/fake-crowdstrike-updates-target-companies-with-malware-data-wipers/