Companies affected by the CrowdStrike patch fiasco should be careful with their emails as cybercriminals are taking advantage of the situation to spread malware, experts have warned.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an ongoing phishing campaign, advising users to “avoid clicking on phishing emails or suspicious links.”
CISA says it has already observed multiple campaigns in which criminals impersonated CrowdStrike or presented themselves as IT professionals capable of quickly fixing the problem. In at least one of those emails, the scammers asked for cryptocurrency in exchange for a solution.
Phishing attacks
A separate warning from AnyRun highlighted a malware campaign targeting BBVA bank customers that offered a fake CrowdStrike Hotfix update that actually installed the Remcos remote access tool (RAT).
Many organizations around the world were forced to pause their operations, either partially or completely, due to a faulty CrowdStrike patch that bricked their Windows PCs.
Banks, airlines, TV broadcasters and many other organizations around the world were faced with the dreaded Blue Screen of Death and began looking for a solution.
Apparently, the best way to fix the problem is to either delete the faulty file via Safe Mode or keep the Windows device running long enough for the patch to download and install.
Meanwhile, cybercriminals took the opportunity to exploit this global event for their own personal gain.
One thing that virtually all phishing emails have in common is that they convey a sense of urgency, and in that regard, events like this are ideal. In the past, security researchers have observed hackers abusing sporting events like the Olympics, FIFA World Cup, Super Bowl, and others to trick people into downloading malware by promising them affordable tickets to the events if they hurry up and buy them.
Via BleepingComputer