Scammers are capitalising on the fallout from the worldwide CrowdStrike chaos, security researchers warn
Don't Miss
Most Read
Trending on GB News
When 8.5 million PCs went offline because of a botched update, it caused chaos around the globe.
Although less than 1% of all Windows machines worldwide were impacted, the CrowdStrike outage was one of the worst IT meltdowns ever recorded, grounding flights across Europe and the USA, causing chaos with budget airlines Ryanair and Wizz Air, leaving several banks and businesses unable to accept payment, and cutting off Sky News in the middle of a broadcast.
It was triggered by a faulty line of code in an update issued by Texas-based cyber security provider, CrowdStrike, which is used by 8 out of the top 10 financial services, food and beverages, and technology companies.
CrowdStrike is an endpoint security company based in Texas that protects some of the biggest multi-national brands on the planet
CROWDSTRIKE PRESS OFFICE | GBNFortune 500 companies lost $5 billion in revenue during the hours while CrowdStrike and Microsoft raced to put together a fix for the mass IT outage, some estimates suggest. It'll still take some time before every PC hit by the CrowdStrike glitch is patched and up-and-running again. Mac and Linux PCs were unaffected.
And the worst part? The danger isn't behind us yet.
The Blue Screen of Death, a colloquial name for the error message that appears when a Windows 10 or Windows 11 machine fails to boot-up properly, was spotted around the world after the CrowdStrike issue
REUTERS
McAfee security researchers have warned the unprecedented chaos caused by the CrowdStrike update has provided a fresh opportunity for scammers. Fraudsters have launched campaigns to capitalise on the situation.
These scams range from fake emails about compensation for delayed flights, to cyber crooks posing as banks to steal login information or and retailers requesting an alternate payment method due to missed transactions.
Experts working at McAfee have also noticed an uptick in new website domain registrations with the term "CrowdStrike", clearly hoping to trick people into believing the site is related to a legitimate company — making it easier to launch phishing attacks, spread malware, or collect sensitive information.
Although less than 1% of the Windows PCs around the globe were impacted by the botched update, it still caused widespread chaos in train stations, airports, banks, and businesses
REUTERS
Flights across the United States, UK, and mainland Europe were cancelled or delayed throughout July 19 due to the CrowdStrike error
REUTERS
Malware developers swiftly fast disguise malicious software like Remcos, Wiper, and Stealers as remediation tools for the outage. Unsuspecting people may have downloaded this software in an effort to restore their systems — and inadvertently made things much, much worse.
Speaking to GB News, Senior Director of Threat Research at McAfee, Abhishek Karnik said: "A McAfee Labs analysis of domains registered shortly after the Crowdstrike outage found more than 6,000 high-risk URLs containing the word ‘crowdstrike’.
"A majority of these domains were registered from the United States, although a significant number were also registered from China.
"Many of these sites presented themselves as resources offering details about the outage and steps for remediation. However, given their rapid appearance after the event, there is a high likelihood that these sites were created by opportunistic scammers looking to exploit the situation. This pattern is consistent with typical behaviours observed in cyber scams during and following high-profile tech incidents.
"Given that the Crowdstrike outage primarily impacted enterprise systems, the number of consumers whose machines were impacted was minimal. However, since the outage significantly disrupted services in key sectors including healthcare, airlines, and retail — and as a result, consumers had trouble accessing these services — scammers may have embedded malware in messages or websites presented as fixes for those access issues."
With malware campaigns on the rise, McAfee has outlined a few common sense rules to stay protected from the growing number of scams targeting those worried about the CrowdStrike disaster.
- Question Unsolicited Communications | It's smart to be skeptical of any unsolicited messages that ask for personal information or payment details — and urge you to take action quickly. Avoid clicking on suspicious links and directly verify any requests for personal information or payments
- Swerve Unconventional Money Transfers | Be cautious if you're asked to send payment using little-known, use cryptocurrency, or buy gift cards and share the card numbers and PINs. These are often signs of a scam
- Verify the Source | If you receive a suspicious call or message — verify the caller’s identity before you take any further action. Be aware of tools like voice cloning and number spoofing that make calls appear legitimate. If in doubt, hang up and contact the company or person directly with a known number
- Secure Your Information | Always use strong, unique alpha-passwords for all your accounts and consider a password manager. Enable multi-factor authentication to increase security or switch to a more secure system, like PassKeys
- Report Suspicious Activity | If you suspect a cyber-attack, such as voice cloning, report it immediately to authorities like Action Fraud, the Federal Trade Commission (FTC), or the Internet Crime Complaint Center (IC3)
Security Evangelist at McAfee, Jasdev Dhaliwal added: "The recent global outage affecting Windows systems has had a profound impact across multiple sectors, disrupting essential services and exposing vulnerabilities that opportunistic scammers are keen to exploit. As the digital landscape becomes increasingly interconnected, the importance of maintaining rigorous cybersecurity measures cannot be overstated.
"Consumers and organizations alike must stay vigilant, enhance their security protocols, and remain proactive in safeguarding their personal and operational data against such threats. This incident serves as a stark reminder of the cascading effects that a single point of failure can have in our globally networked environment."
It comes as Lord Vallance of Balham said the CrowdStrike outage highlighted the need to strengthen the UK's technology defences.
A faulty update rolled out by cybersecurity firm CrowdStrike knocked many services offline around the world on Friday, causing flight and train cancellations and crippling some healthcare systems. Earlier this month in the King’s Speech, the new Labour Government had said it would introduce the Cyber Security and Resilience Bill, which would give greater power to regulators to push more firms to implement better cybersecurity defences.
It said the legislation would expand the remit of existing regulation and put regulators on a stronger footing, as well as increase the reporting requirements placed on businesses to help build a better picture of cyber threats to the UK.
LATEST DEVELOPMENTS
Lord Vallance said: "Nowhere are security risks more apparent than in cyber attacks. In light of last week’s global IT outage caused by a failed software update, ensuring that our digital systems are safe and resilient feels more important than ever.
“In the last 18 months, we have seen devastating cyber attacks at the Ministry of Defence, the Royal Mail and the British Library. A recent attack on the NHS resulted in thousands of appointments and elective procedures being postponed, impacting health provision right across the capital.”
He added: “To reduce the damage from further attacks, we must urgently update our cybersecurity regulations.
“That is what the Cyber Security and Resilience Bill will do, strengthening our defences and ensuring that digital services that are more essential than ever are protected.”
You may like