Cybercriminals taking advantage of CrowdStrike-linked global computer outage

Cybercriminals taking advantage of CrowdStrike-linked global computer outage

The global IT outage triggered by a faulty CrowdStrike software update has created a perfect storm for cybercriminals to exploit. In the wake of this unprecedented disruption affecting Windows computers worldwide, threat actors are now launching phishing campaigns and distributing malware-laden links.

These malicious actors are preying on individuals and organizations desperate for information and solutions, tricking them into clicking on contaminated links under the guise of offering updates or fixes for CrowdStrike-related issues.

GET SECURITY ALERTS, EXPERT TIPS โ€“ SIGN UP FOR KURTโ€™S NEWSLETTER โ€“ THE CYBERGUY REPORT HERE

Illustration of cybercriminal at work

Illustration of cybercriminal at work. (Kurt “CyberGuy” Knutsson)

AUTO PARTS GIANT EXPOSED: 2.3 MILLION CUSTOMERS AT RISK IN MASSIVE DATA BREACH

Massive outage touches every aspect of life

As airlines, banks, grocery stores, 911 emergency communications, medical centers and virtually every organization running Windows computers with CrowdStrike Falcon attempt to recover from what could be the most destructive tech tsunami, criminals are being observed attempting to offer fake help with a payload of trouble.

Windows PC

A person working on a Windows PC (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR PCS – CYBERGUY PICKS 2024

Homeland Security issues alert about threat actors after CrowdStrike Windows outage

The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, known as CISA, is tracking this online criminal activity, which now poses a secondary threat to Americans. Here is the CISA statement:

“CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”

The massive outages started at 1:20 a.m. ET Friday when CrowdStrike began rolling out a faulty update to its Falcon security product that protects Windows hosts. Screens around the world turned blue, freezing on a crippling message known as the “blue screen of death.”

RETAIL PRICES CAN JUMP IN SECONDS WITH HIGH-TECH STORE PRICE TAGS

Windows PC person working

A man working on a desktop Windows PC. (Kurt “CyberGuy” Knutsson)

How to protect against threat actors pretending to be CrowdStrike or Microsoft

  • Avoid clicking links in any text or email related to the CrowdStrike or Windows disruption.
  • Be ready to ride out digital storms like this one by getting your own life jacket in the form of strong anti-virus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
  • Only use official sources for resolving security incidents like this one.

CrowdStrike’s CEO George Kurtz addressed the global glitch it caused, and an updated statement puts it in perspective:

“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”

HOW TO GROUP TABS IN DIFFERENT BROWSERS TO STOP TAB OVERLOAD

How to recover from the โ€˜blue screen of deathโ€™ outage

CrowdStrike is actively working through its official channels to roll out a previous version of its Falcon software, but not before the disruptive damage was done worldwide. If you have a Windows PC or laptop experiencing trouble, there are alternative workarounds to help you fix it. The company offers the following additional steps that can be taken if your Windows computer is still having trouble.

Workaround steps for individual hosts:

  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
  • Boot Windows into Safe Mode or the Windows Recovery EnvironmentNote: Putting the host on a wired network (as opposed to Wi-Fi) and using Safe Mode with Networking can help remediation.
  • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Boot the host normally. 

Note: Bitlocker-encrypted hosts may require a recovery key.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Kurt’s key takeaways

Cybercriminals are quick to take advantage of tech troubles like this massive Windows disruption caused by CrowdStrike. The lesson is to take privacy and security into your own hands by being as resilient as possible to attacks. I recommend running good antivirus protection on every device in you and your family’s lives. See the 2024 review of the Best AntiVirus Protection here for options.

What measures do you believe governments and tech companies should implement to prevent and mitigate the impact of such large-scale IT disruptions in the future? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

CLICK HERE TO GET THE FOX NEWS APP

Copyright 2024 CyberGuy.com.  All rights reserved.