AS THE world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.
Government cybersecurity agencies across the globe and CrowdStrike chief executive officer George Kurtz are warning businesses and individuals about new phishing schemes that involve malicious actors posing as CrowdStrike employees or other tech specialists offering to assist those recovering from the outage.
“We know that adversaries and bad actors will try to exploit events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”
The UK Cyber Security Center said they have noticed an increase in phishing attempts around this event.
Microsoft said 8.5 million devices running its Windows operating system were affected by the faulty cybersecurity update Friday that led to worldwide disruptions. That’s less than one percent of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post on Saturday.
He also said such a significant disturbance is rare but “demonstrates the interconnected nature of our broad ecosystem.”
Gartner analyst Eric Grenier expects that a majority of affected machines will be fixed in about a week, with more time needed to reach laptops used by far-flung workers because the work can’t be done remotely – it’s a hands-on operation.
In the meantime, there will be scammers trying to take advantage of businesses that have indicated they were affected by the outage.
“The threat is very real,” Grenier said. “Bad actors have the information to send targeted phishing emails and calls. They know what endpoint-protection tools you use. They know you use CrowdStrike.”
Grenier said affected businesses need to make sure they use a fix supplied by CrowdStrike. “Don’t accept the help of somebody coming out of the blue and saying, ‘I’ll fix that for you,’” he said. / AP