A surge in phishing attacks from the CrowdStrike outage

August 12, 2024 | KnowBe4, Cybersecurity

Written by Ross Harris

Last month, thousands of businesses worldwide were affected by an IT outage due to a technical issue with CrowdStrike, a leading cybersecurity firm. Fortunately, the outage was not a result of a cyberattack, but the fallout from the event went beyond just operational interruptions and became a playground for cybercriminals looking to exploit the chaos.

Events like this can have profound implications for cybersecurity and demonstrate that vigilance against potential cyberattacks is more crucial than ever.

The aftermath of the CrowdStrike outage

The CrowdStrike outage impacted around 8.5 million Windows devices and demonstrated how easily a large-scale disruption can occur. It also highlighted how quickly cybercriminals can exploit these types of events.

Soon after the outage, cybersecurity experts identified a surge in phishing emails posing as support communications from CrowdStrike. The emails came disguised as offers of assistance or patches and were designed to dupe recipients into divulging sensitive information or downloading malicious software.

Organisations like the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) issued alerts highlighting the increased phishing activity. The NCSC noted, "An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals."

Similarly, the SANS Technology Institute reported seeing phishing emails that claimed to be from ‘CrowdStrike Support’ or ‘CrowdStrike Security’, making it clear that attackers were leveraging the heavy media attention to deceive potential victims.

Tactics and deception

Cybercriminals' tactics in the wake of the CrowdStrike outage were varied and sophisticated, ranging from phishing emails to lookalike domains. Threat actors reportedly registered domains with names resembling legitimate CrowdStrike-related URLs, such as ‘crowdstrikebluescreen[.]com’ and ‘crowdstrike0day[.]com’, and used them to create scam websites that further exploited the situation.
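For defenders, lookalike registrations such as the two named above can be surfaced by screening domains seen in mail or proxy logs for the vendor's name. The following Python check is an added example, not part of the original article; the allowlist, the substitution table and every sample domain other than the two quoted above are assumptions constructed for illustration.

```python
import re

BRAND = "crowdstrike"
# Assumption: your own allowlist of genuine vendor domains.
ALLOWED = {"crowdstrike.com"}
# Digit-for-letter swaps commonly seen in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def refang(value):
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    v = value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    v = re.sub(r"^[a-z]+://", "", v)
    return v.split("/")[0].split(":")[0].rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'allowed', 'brand-keyword', 'near-miss' or 'unrelated'."""
    host = refang(domain)
    if any(host == d or host.endswith("." + d) for d in ALLOWED):
        return "allowed"
    verdict = "unrelated"
    for label in host.split(".")[:-1]:  # skip the final (TLD) label
        norm = label.translate(SWAPS)
        # Check each hyphen-separated token and the label with hyphens removed.
        candidates = re.split(r"[-_]", norm) + [re.sub(r"[-_]", "", norm)]
        if any(BRAND in c for c in candidates):
            return "brand-keyword"
        if any(edit_distance(c, BRAND) <= 2 for c in candidates):
            verdict = "near-miss"
    return verdict

# The first two domains are quoted in the article; the rest are constructed.
SAMPLES = ["crowdstrikebluescreen[.]com", "crowdstrike0day[.]com",
           "hxxps://support.crowdstrike[.]com/login", "crowdstrike.com.evil.example",
           "cr0wdstr1ke-support.example", "example.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):14} {s}")
```

Anything classified as brand-keyword or near-miss is a candidate for review or blocking, not proof of malice; the allowlist has to reflect the domains your vendor actually uses.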

Alongside the surge in phishing emails, there were reports of cybercriminals impersonating CrowdStrike employees in phone calls and posing as independent researchers. The callers claimed to have evidence linking the technical issue to a cyberattack, adding further confusion and fear among affected organisations and potentially leading to individuals or organisations falling victim to scams.

This multifaceted approach to deception illustrates the lengths that cybercriminals will go to exploit vulnerabilities during crises.

The importance of strong cybersecurity

The CrowdStrike incident is a stark reminder of the need for strong cybersecurity practices. Although a faulty software update caused this event, the chaos could have resulted from a deliberate cyberattack. Organisations must be prepared for both scenarios by implementing comprehensive cybersecurity measures, including employee training.

KnowBe4

All good cybersecurity strategies will centre on employee training and awareness. Employees are often the first line of defence against cyberattacks, and security awareness training tools such as KnowBe4 can equip employees with the knowledge to recognise phishing attempts and create a positive security culture within an organisation.

KnowBe4’s regular training and simulated exercises blend AI and an extensive interactive content library to help employees remain vigilant against socially engineered threats.

KnowBe4 delivers a range of features and benefits to organisations of all sizes, including:

  • The world's most extensive library of security awareness and compliance training content
  • Tailored simulated phishing campaigns
  • Personalised training assignments
  • More than 60 built-in reports for training and phishing campaigns
  • AI-driven content based on users’ understanding of security threats
  • Educational resources to help strengthen protection against online attacks
  • Interactive modules, from videos and games to posters and newsletters
  • Content available in over 34 languages
  • Continuous assessment of user behaviours and social engineering risk
  • Improving organisational security culture

KnowBe4 as a Managed Service

At Brigantia, we provide the KnowBe4 platform as a fully managed service. With a dedicated team handling all the heavy lifting, we leverage KnowBe4's extensive library of phishing simulations and training to create customised solutions tailored to an organisation. We aim to help reduce your organisation's risk score to below the industry average of 4%.

Was the global outage a wake-up call?

The CrowdStrike outage was a wake-up call for many organisations. It highlighted the potential for cybercriminals to exploit even unintentional disruptions and underscored the importance of strong cybersecurity measures at every level. By investing in employee training, maintaining up-to-date systems, and implementing robust security protocols, organisations can mitigate risks and ensure they are prepared for any eventuality.

At Brigantia, our portfolio comprises the best cybersecurity solutions designed to protect and secure organisations from every angle. Awareness and preparation are crucial in a world where cyber threats are constantly evolving.

If you’re looking for high-quality, leading cybersecurity solutions that strengthen your customers' defences, contact our team.
