In response to the well-publicised global IT issue, there has been an increase in opportunistic and malicious activities. Criminals are attempting to use this global outage to pretend to help entities and individuals recover from and/or prevent an outage.
Background / What has happened?
- On July 19, 2024, CrowdStrike experienced a significant issue that caused a global IT outage affecting many of its customers.
- This update caused Windows systems to experience a "blue screen of death", rendering many devices inoperable.
- This was not a security incident or cyber-attack, but rather a software update problem.
How can I remain vigilant?
There has been a major increase in reports of threat actors engaging in the following:
- Sending phishing emails posing as CrowdStrike support to customers.
- Impersonating CrowdStrike staff in phone calls.
- Posing as independent researchers, claiming the technical issue is linked to a cyberattack and offering remediation insights.
- Selling scripts that falsely claim to automate recovery from the content update issue.
- Malicious websites and unofficial code are being released claiming to help entities and individuals recover, or prevent, the widespread outage.
If you receive a call from “Microsoft Support” about paying to prevent a blue screen on your computer, do not give that person your passwords, money, etc. A criminal may ask for payment to “fix” or "prevent" the blue screen for you -- hang up.
If you receive a call/text from someone at your work claiming to be Help Desk or IT and they need sensitive details or access to be able to help you, have them chat to you on an internal tool such as Microsoft Teams, or email you from their work email account using a phone to confirm identity before granting access.
Please be mindful of these and remain extra vigilant. We encourage you all to share this information with your family and friends.
