Cyber Vulnerabilities: The Aftermath of the CrowdStrike Outage

This blog is a summary of our latest threat note, “CrowdStrike – The Aftermath”, which is available for all our clients to read in the CybelAngel portal. Interested in reading this report as a non-client? Get in touch with us to access this content.

Down-Day: A recap of July 19th

On the 19th of July, the ripple effects of a problematic CrowdStrike update had a widespread impact on global IT systems. From grounded airlines to banking system failures, painful service interruptions and outages crippled some of the biggest companies in the world.

The famous blue screen: an example of what happened on July 19th.

The fallout of this incident cast a wide net of disruption over numerous industries and has substantially impacted global business operations during and since this outage. A recent report suggested that 1 in 4 Fortune 500 companies were impacted to the tune of $5.4bn.

The effects ranged from operational cancellations and passenger delays at airlines (Delta CEO Ed Bastian said the massive IT outage that stranded thousands of customers will cost it $500 million) to significant stumbling blocks in the financial sector, where payment processes were halted.

Healthcare operations grappled with procedural delays due to inaccessible electronic records, while retailers contended with non-functional point-of-sale systems, forcing a shift to cash transactions. Media outlets faced difficulties in maintaining broadcast schedules, subsequently affecting revenues, and the outage disrupted global supply chains, hinting at logistics challenges that could persist for weeks.

But perhaps one of the most serious consequences for the cybersecurity company has been the increase in cybercriminal activity targeting these victims.

What has happened since the CrowdStrike outage?

Striking fast in this moment of vulnerability were cybercriminals who exploited this opportunity to launch a series of phishing campaigns, malware distribution schemes, and data breaches.

Here is a quick overview of this situation:

  • Within days of the outage, hundreds of typosquatting domains were established, exploiting the technical difficulties and service disruption experienced by CrowdStrike.

Here are some examples of what these typosquatting domains presented as:

  1. fix-crowdstrike-apocalypse[.]com – (This domain attempted to sell a supposed fix for the BSOD issues for €500,000).
  2. crashstrike[.]com
  3. crowdstrikefix[.]com
  4. crowdstrikebluescreen[.]com
  5. crowdstrike-helpdesk[.]com

193 domains in total were recorded by James Spiteri, a director at Elastic, to share awareness about this phishing campaign. You can review his updated list here.

  • Notorious hacktivist groups, such as Handala, have publicly claimed responsibility for the malware campaign related to CrowdStrike and identified by the Israel National Cyber Directorate.
  • The infamous USDOD has once again struck in a timely manner by divulging confidential data pertaining to CrowdStrike as an act of personal vengeance.
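To screen newly observed domains for the lookalike patterns shown in the list above, the following is an added example, not code from CybelAngel or from the threat note. It assumes `crowdstrike.com` is the only official domain, uses lure words taken from the five listed domains, and uses a similarity threshold of 0.7 that is an illustrative, tunable value.

```python
import re
from difflib import SequenceMatcher

BRAND = "crowdstrike"
OFFICIAL = "crowdstrike.com"  # assumption: the only official domain to allow
# Lure words taken from the typosquatting domains listed above
LURES = ("fix", "helpdesk", "bluescreen", "apocalypse")

def refang(indicator):
    """Turn a defanged indicator (name[.]com) into a plain lowercase hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")

def classify(indicator, threshold=0.7):
    """Return (verdict, lure_words) for one domain.

    threshold is an assumed similarity cut-off; tune it against your own
    false-positive rate before alerting on it.
    """
    host = refang(indicator)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return ("official", [])
    # Simplification: everything before the last dot is treated as the name,
    # which ignores multi-label public suffixes such as co.uk.
    name = host.rsplit(".", 1)[0]
    lures = [w for w in LURES if w in name]
    if BRAND in name:
        return ("brand-keyword", lures)
    # No exact brand string: compare each label or hyphen-separated token.
    tokens = [t for t in re.split(r"[^a-z0-9]+", name) if t]
    best = max((SequenceMatcher(None, t, BRAND).ratio() for t in tokens),
               default=0.0)
    if best >= threshold:
        return ("lookalike", lures)
    return ("clear", [])

if __name__ == "__main__":
    from_page = ["fix-crowdstrike-apocalypse[.]com", "crashstrike[.]com",
                 "crowdstrikefix[.]com", "crowdstrikebluescreen[.]com",
                 "crowdstrike-helpdesk[.]com"]
    constructed = ["crowdstrike.com", "www.example.org"]  # constructed controls
    for domain in from_page + constructed:
        print(f"{domain:36} {classify(domain)}")
```

A hit from this screen is a triage signal for an analyst to review, since similarity matching on short tokens will also flag unrelated names.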

A sneak peek of the 3 core pillars of our investigation

Within this threat note there are three main areas of focus. Each area contains comments from our expert team of REACT analysts who have sifted through malicious actor commentary on specific cyber criminal channels and the dark web.

Here are the three focus areas of the report:

I. Phishing and Malware Catalog
II. Emerging Hacktivist Tactics
III. Adversaries Take Advantage

If you are interested in delving into the specific malware distributed in the campaigns, get in touch with our team today.

Read more in our official CybelAngel threat note

Our REACT team deep dives further into the catastrophic consequences of this CrowdStrike outage in our full threat note. With the potential for data breaches only increasing, it is an excellent resource for affected IT leaders.

For non-CybelAngel clients who also wish to have a complete picture of the fallout for cybersecurity, you can access this resource directly by contacting our REACT team at [email protected].

Interested in strengthening your cybersecurity posture? We just published this guide The Ultimate Cybersecurity Posture Checklist [25+ Tips].

That is it for this blog.