Last month, thousands of businesses worldwide were affected by an IT outage due to a technical issue with CrowdStrike, a leading cybersecurity firm. Fortunately, the outage was not a result of a cyberattack, but the fallout from the event went beyond just operational interruptions and became a playground for cybercriminals looking to exploit the chaos.
Events like this can have profound implications for cybersecurity and demonstrate that vigilance against potential cyberattacks is more crucial than ever.
The CrowdStrike outage impacted around 8.5 million Windows devices and demonstrated how easily a large-scale disruption can occur. It also highlighted how quickly cybercriminals can exploit these types of events.
Soon after the outage, cybersecurity experts identified a surge in phishing emails posing as support communications from CrowdStrike. The emails came disguised as offers of assistance or patches and were designed to dupe recipients into divulging sensitive information or downloading malicious software.
Organisations like the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) issued alerts highlighting the increased phishing activity. The NCSC noted, "An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals."
Similarly, the SANS Technology Institute reported seeing phishing emails that claimed to be from ‘CrowdStrike Support’ or ‘CrowdStrike Security’, making it clear that attackers were leveraging the heavy media attention to deceive potential victims.
Cybercriminals' tactics in the wake of the CrowdStrike outage were varied and sophisticated, ranging from phishing emails to lookalike domains. Threat actors reportedly registered domains with names resembling legitimate CrowdStrike-related URLs, such as ‘crowdstrikebluescreen[.]com’ and ‘crowdstrike0day[.]com’, and used them to create scam websites that further exploited the situation.
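As an added example (not part of the original article), the Python sketch below shows one way a mail or DNS-log pipeline could flag the lookalike-domain pattern described above. The brand keyword, the allowlist, the digit-substitution map and every sample indicator other than the two domains quoted in the article are assumptions constructed for illustration.

```python
import re

# Assumptions: the defender supplies the brand keyword and the allowlist of
# domains the vendor really uses; the values here are illustrative only.
BRAND = "crowdstrike"
LEGITIMATE = {"crowdstrike.com"}
# Digits commonly swapped in for letters in lookalike names (assumed map).
LOOKALIKE_DIGITS = str.maketrans("0135", "oies")


def refang(indicator):
    """Reduce a defanged URL, sender address or domain to a bare hostname."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")
    s = re.sub(r"^[a-z]+://", "", s)   # drop the scheme if present
    s = s.split("/")[0]                # drop any path
    s = s.split("@")[-1]               # keep the domain of an address
    return s.split(":")[0].rstrip(".")  # drop port and trailing dot


def classify(indicator):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one indicator."""
    host = refang(indicator)
    # Only an exact match or a true subdomain of an allowlisted domain passes.
    if any(host == d or host.endswith("." + d) for d in LEGITIMATE):
        return "legitimate"
    # Strip hyphens and undo digit swaps before searching for the brand.
    if BRAND in host.replace("-", "").translate(LOOKALIKE_DIGITS):
        return "lookalike"
    return "unrelated"


def triage(indicators):
    """Return the refanged hosts that should be reviewed or blocked."""
    return [refang(i) for i in indicators if classify(i) == "lookalike"]


# First two entries are quoted in the article; the rest are constructed.
SAMPLES = [
    "crowdstrikebluescreen[.]com",
    "crowdstrike0day[.]com",
    "hxxps://cr0wdstr1ke-support[.]example/patch",
    "support@crowdstrike.com.helpdesk[.]example",
    "www.crowdstrike.com",
    "intranet.example.org",
]

if __name__ == "__main__":
    for host in triage(SAMPLES):
        print("review:", host)
```

A substring match like this is deliberately broad, so it will also flag legitimate third-party pages that mention the brand in their hostname; treat hits as items for review rather than as confirmed phishing.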
Alongside the surge in phishing emails, there were reports of cybercriminals impersonating CrowdStrike employees in phone calls and posing as independent researchers. Callers claimed to have evidence linking the technical issue to a cyberattack, adding further confusion and fear among affected organisations and potentially leading individuals or organisations to fall victim to scams.
This multifaceted approach to deception illustrates the lengths that cybercriminals will go to exploit vulnerabilities during crises.
The CrowdStrike incident is a stark reminder of the need for strong cybersecurity practices. Although a faulty software update caused this event, the chaos could have resulted from a deliberate cyberattack. Organisations must be prepared for both scenarios by implementing comprehensive cybersecurity measures, including employee training.
All good cybersecurity strategies will centre on employee training and awareness. Employees are often the first line of defence against cyberattacks, and security awareness training tools such as KnowBe4 can equip employees with the knowledge to recognise phishing attempts and create a positive security culture within an organisation.
KnowBe4’s regular training and simulated exercises blend AI and an extensive interactive content library to help employees remain vigilant against socially engineered threats.
KnowBe4 delivers a range of features and benefits to organisations of all sizes, including:
At Brigantia, we provide the KnowBe4 platform as a fully managed service. With a dedicated team handling all the heavy lifting, we leverage KnowBe4's extensive library of phishing simulations and training to create customised solutions tailored to an organisation. We aim to help reduce your organisation's risk score to below the industry average of 4%.
The CrowdStrike outage was a wake-up call for many organisations. It highlighted the potential for cybercriminals to exploit even unintentional disruptions and underscored the importance of strong cybersecurity measures at every level. By investing in employee training, maintaining up-to-date systems, and implementing robust security protocols, organisations can mitigate risks and ensure they are prepared for any eventuality.
At Brigantia, our portfolio comprises the best cybersecurity solutions designed to protect and secure organisations from every angle. Awareness and preparation are crucial in a world where cyber threats are constantly evolving.
If you’re looking for high-quality, leading cybersecurity solutions that strengthen your customers' defences, contact our team.