
Beware of phishing attacks: Cyber criminals capitalising on global IT outage


July 26th 2024

Be alert to fake messages offering support with the impact of the CrowdStrike global IT outage.

National cyber security agencies across the world are advising organisations and individuals to be careful about any messages they receive about the CrowdStrike IT problem that hit the world a week ago.

The National Cyber Security Centre (NCSC) has said:

“Fixes are now available to resolve the issues, and affected organisations should refer to the relevant vendor guidance and take the necessary action.

“Installing security updates is still an essential security practice and organisations should continue to install them when they are available. Organisations should also continue to use antivirus products as normal.”

The CrowdStrike incident was not a result of a malicious or criminal attack on systems. But cyber criminals are now exploiting the confusion and concern by launching targeted attacks on individuals and organisations.

A number of malicious websites and pieces of unofficial code are being circulated that claim to help organisations and individuals recover from the widespread outages caused by the CrowdStrike technical incident. These are fake and damaging.

Attacks may include phishing campaigns to trick users into downloading damaging malware and compromising their credentials. They may also include ‘social engineering attacks’, where criminals pose as IT personnel to deceive people into downloading damaging malware or paying for fake support.

There has also been an increase in fake “typo-squatting” domains, which seek to catch out people making spelling mistakes when typing CrowdStrike into their web browsers when looking for support.
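As an added example of how an organisation can watch for the typo-squatting domains described above (illustrative code written for this page, not from Digital Care Hub, the NCSC or CrowdStrike): the script takes a constructed list of hostnames of the kind that appear in web-proxy or DNS logs, reduces each to its registrable domain, and flags any whose name is within a small edit distance of a domain on an assumed allow-list, after collapsing common character-swap tricks (`vv` for `w`, `0` for `o`), or that embeds an allow-listed brand in a longer label. The allow-list (`LEGIT_DOMAINS`), the suffix table and every hostname in `SAMPLE_HOSTS` are constructed for the example.

```python
"""Flag lookalike (typo-squatting) domains among observed hostnames.

Added example for this page, not code from Digital Care Hub, the NCSC or
CrowdStrike. The allow-list, suffix table and sample hostnames are constructed.
"""

# Assumed allow-list of domains the organisation genuinely uses.
LEGIT_DOMAINS = ["crowdstrike.com", "digitalcarehub.co.uk"]

# Constructed subset of multi-part public suffixes; a real deployment would
# use the Public Suffix List instead of this table.
MULTI_PART_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "nhs.uk", "com.au"}

# Character swaps commonly used to imitate a brand. Applied to both sides before
# comparing, so 'crovvdstrike' and 'cr0wdstrike' both collapse to 'crowdstrike'.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and transpositions of adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_domain(hostname: str) -> str:
    """'support.digitalcarehub.co.uk' -> 'digitalcarehub.co.uk'."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(label: str) -> str:
    """Collapse look-alike character sequences to the letters they imitate."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def classify(hostname: str, legit_domains=LEGIT_DOMAINS, max_distance: int = 2):
    """Return (verdict, reason); verdict is 'legitimate', 'lookalike' or 'unrelated'."""
    observed = registrable_domain(hostname)
    if observed in {registrable_domain(d) for d in legit_domains}:
        return "legitimate", "registrable domain is on the allow-list"
    sld = normalise(observed.split(".")[0])           # second-level label only
    labels = [normalise(lbl) for lbl in hostname.lower().split(".")[:-1]]
    for legit in legit_domains:
        brand = normalise(registrable_domain(legit).split(".")[0])
        dist = damerau_levenshtein(sld, brand)
        if dist <= max_distance:                      # catches typos and 'same name, other TLD'
            return "lookalike", f"'{sld}' is within edit distance {dist} of '{brand}'"
        if any(brand in lbl for lbl in labels):       # catches 'brand-fix.example'
            return "lookalike", f"brand '{brand}' embedded in a hostname label"
    return "unrelated", "no resemblance to an allow-listed domain"


def scan(hostnames, legit_domains=LEGIT_DOMAINS):
    """Map each observed hostname to its verdict; feed proxy or DNS log hosts here."""
    return {h: classify(h, legit_domains) for h in hostnames}


# Constructed hostnames of the kind that might appear in proxy or DNS logs.
SAMPLE_HOSTS = [
    "www.crowdstrike.com", "crowdstrlke.com", "crovvdstrike.net",
    "crowdstrike-fix.example", "support.digitalcarehub.co.uk",
    "digitalcarehub.com", "example.org",
]

if __name__ == "__main__":
    for host, (verdict, reason) in scan(SAMPLE_HOSTS).items():
        print(f"{host:32} {verdict:11} {reason}")
```

The edit-distance threshold of 2 suits brand names of ten or more characters; for short names it would flag almost anything, so scale it with the length of the brand. The distance-0 case with a different suffix (`digitalcarehub.com` against an allow-listed `digitalcarehub.co.uk`) is the pattern the article's "spelling mistake" warning is about, and is worth alerting on separately from genuine typos.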

NCSC has said:

“An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals.”

“Organisations should review NCSC guidance to make sure that multi-layer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for.”

Immediate actions: check for phishing attacks

If a care provider or a member of staff has received a message about CrowdStrike and you’re unsure if it is legitimate, Digital Care Hub advises you to:

  • Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.
  • Check to see if the official source has already told you what they will never ask you. For example, they may have told you that they will never ask for your full password.
  • Delete suspicious emails. Do not click on links or open attachments in a phishing email as they may contain fraudulent requests for information or contain links to viruses. Do not respond to them even if they seem to come from a company or person you may know. Responding can confirm that your address is legitimate to the sender. If you are not sure if an email is genuine, try calling the sender on a phone number you know to be correct.
  • If you have received an email which you’re not quite sure about, forward it to the NCSC’s Suspicious Email Reporting Service (SERS). Once reported, you will receive an acknowledgement email. The NCSC will then analyse the suspect email and any websites it links to.

Reduce the risk and impact of phishing attacks

As well as its detailed guidance about phishing attacks, the NCSC has produced a useful guide for small businesses. The guide includes tips on reducing the risk of phishing attacks – summarised below:

Tip 1: Configure accounts to reduce the impact of successful attacks

You should configure your staff accounts in advance using the principle of ‘least privilege’. This means giving staff the lowest level of user rights required to perform their jobs, so if they are the victim of a phishing attack, the potential damage is reduced.

Tip 2: Think about how you operate

Consider ways that someone might target your organisation, and make sure your staff all understand normal ways of working (especially regarding interaction with other organisations), so that they’re better equipped to spot requests that are out of the ordinary.

Tip 3: Check for the obvious signs of phishing

Expecting your staff to identify and delete all phishing emails is an impossible request, but they should be able to spot the common warning signs, such as poor grammar or punctuation, or design elements that are not what you would expect. Is it addressed to you by name, or just to ‘valued customer’ or ‘friend’? Is it demanding immediate action?
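As an added illustration of the warning signs listed above (example code written for this page, not Digital Care Hub's or the NCSC's): the script scores a single email for a generic greeting, a demand for immediate action, a display name that borrows a known brand while the sending domain does not belong to it, a Reply-To pointing elsewhere, link text that shows a different host from the one it points to, and attachments with executable or archive extensions. It runs against two constructed messages, one imitating a vendor support lure and one ordinary internal email. `KNOWN_DOMAINS` is an assumed allow-list, and every address, domain and line of message text is made up for the example.

```python
"""Heuristic phishing-sign scorer for one email message.

Added example for this page, not code from Digital Care Hub or the NCSC.
All addresses, domains and message text below are constructed.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

KNOWN_DOMAINS = ["crowdstrike.com", "digitalcarehub.co.uk"]   # assumed allow-list
GENERIC_GREETINGS = ("dear customer", "dear valued customer", "dear friend", "dear user")
URGENCY_PHRASES = ("urgent", "immediately", "act now", "within 24 hours", "account will be suspended")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".iso", ".zip")
HOST_RE = re.compile(r"https?://([^/:?#\s]+)", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _in_allowlist(domain, known):
    return any(domain == d or domain.endswith("." + d) for d in known)


def score_message(raw, known=KNOWN_DOMAINS):
    """Return {'score', 'reasons', 'verdict'} for one raw RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    # Sign 1: display name claims a known brand, but the sending domain is not that brand's.
    for brand in (d.split(".")[0] for d in known):
        if brand in name.lower() and not _in_allowlist(from_dom, known):
            reasons.append(f"display name claims '{brand}' but sender domain is '{from_dom}'")
    # Sign 2: replies are routed to a different domain from the sender's.
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain '{reply_dom}' differs from sender domain '{from_dom}'")
    text, anchors = str(msg.get("Subject", "")), []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            fname = part.get_filename() or ""
            if fname.lower().endswith(RISKY_EXTENSIONS):   # Sign 3: risky attachment type
                reasons.append(f"attachment '{fname}' has an executable or archive extension")
            continue
        if part.get_content_type() == "text/plain":
            text += "\n" + part.get_content()
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            text += "\n" + html
            collector = _AnchorCollector()
            collector.feed(html)
            anchors += collector.anchors
    lowered = text.lower()
    if any(g in lowered for g in GENERIC_GREETINGS):        # Sign 4: not addressed by name
        reasons.append("generic greeting instead of the recipient's name")
    urgent = sorted(p for p in URGENCY_PHRASES if p in lowered)
    if urgent:                                               # Sign 5: pressure to act now
        reasons.append(f"demands immediate action ({', '.join(urgent)})")
    for href, visible in anchors:                            # Sign 6: link text vs real target
        shown, target = HOST_RE.search(visible), HOST_RE.search(href)
        if shown and target and shown.group(1).lower() != target.group(1).lower():
            reasons.append(f"link text shows '{shown.group(1)}' but points to '{target.group(1)}'")
    score = len(reasons)
    verdict = "likely phishing" if score >= 3 else "suspicious" if score else "no obvious signs"
    return {"score": score, "reasons": reasons, "verdict": verdict}


def build_suspicious_sample():
    """Constructed lure of the kind the article warns about; every value is made up."""
    m = EmailMessage()
    m["From"] = "CrowdStrike Support <helpdesk@crowdstrike-recovery.example>"
    m["Reply-To"] = "fix@mail-relay.example"
    m["Subject"] = "URGENT: apply the CrowdStrike fix immediately"
    m.set_content("Dear valued customer,\n\nAct now to restore your systems: https://crowdstrike.com/fix\n")
    m.add_alternative('<p>Dear valued customer,</p>\n<p>Act now: <a href="https://crowdstrike-recovery.example/fix">'
                      'https://crowdstrike.com/fix</a></p>\n', subtype="html")
    m.add_attachment(b"MZ not a real executable", maintype="application",
                     subtype="octet-stream", filename="CrowdStrike_fix.exe")
    return m.as_string()


def build_benign_sample():
    """Constructed ordinary internal email from an allow-listed domain."""
    m = EmailMessage()
    m["From"] = "Jo Bloggs <jo.bloggs@digitalcarehub.co.uk>"
    m["Subject"] = "Minutes from Tuesday's meeting"
    m.set_content("Hi Sam,\n\nMinutes attached as discussed.\n\nJo\n")
    m.add_attachment("Tuesday's meeting minutes.\n", filename="minutes.txt")
    return m.as_string()


if __name__ == "__main__":
    for raw in (build_suspicious_sample(), build_benign_sample()):
        result = score_message(raw)
        print(result["verdict"], result["score"], *result["reasons"], sep="\n  ")
```

None of these signs is conclusive on its own: a genuine supplier can send urgent notices and a colleague can use a third-party mailing service with a different Reply-To. The value is in the accumulation, which is why the scorer reports every reason rather than a single flag, so a reader following the article's advice can check each one against a source they already trust.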

Tip 4: Report all attacks

Make sure that your staff are encouraged to ask for help if they think that they might have been a victim of phishing. It’s important to take steps to scan for malware and change passwords as soon as possible if you suspect a successful attack has occurred. Do not punish staff if they get caught out.

Tip 5: Check your digital footprint

Attackers use publicly available information about your organisation and staff to make their phishing messages more convincing. This is often gleaned from your website and social media accounts (information known as a ‘digital footprint’).

Related links

Digital Care Hub’s cyber security guidance

NCSC statement on CrowdStrike

NCSC phishing guidance

NCSC cyber security guidance for small businesses

CrowdStrike blog – Likely ecrime actor capitalizing on Falcon Sensor issues
