CERT, an Indian cybersecurity agency, has warned users about phishing attacks. Reports suggest that users can be targeted by phishing attacks following the Microsoft outage.
According to CERT, fraudsters are identifying themselves as CrowdStrike support staff and installing malware in your software.
Understanding the malware
On Saturday, CERT issued a security advisory warning that fraudsters can install malware on your devices under the pretext of fixing them. The advisory explained that these attacks could trick you into installing unidentified malware, potentially causing data leaks and system crashes.
The phishing scams are expected to follow the global Microsoft outage that took place on July 19. As reported by PTI, the global computer outage on July 19 was caused by a faulty update to the CrowdStrike Falcon Sensor software. The glitch eventually resulted in Microsoft Windows operating system crashes, grounding flights and affecting business, banking, and hospital systems worldwide, among others.
Although systems are being recovered with official fixes from CrowdStrike and Microsoft, attackers are selling software scripts ‘claiming to automate recovery.’ Moreover, the fraudsters are impersonating CrowdStrike employees to gain the trust of their targets. CERT-In explained that these phishing attackers are also sharing Trojan malware, portraying it as recovery tools.
The safety guidelines
So how do phishing attacks take place? Initially, users can receive a text message, call or email claiming that the sender is from CrowdStrike support staff. They then trick the victim into revealing sensitive personal information, such as banking details and login credentials. After that, under the guise of initiating safety measures, the fraudster installs malware on your device. The malware then eventually takes control of your device without your knowledge.
To stay safe from this malware, CERT has advised users and organisations to configure firewalls to block 31 types of URLs, including ‘crowdstrikeoutage[.]info’ and ‘http://www.crowdstrike0day[.]com’, as well as numerous hashes. Other safety practices can include the following:
- You should obtain software patch updates from authentic sources
- You should try avoiding documents with “.exe” links
- Start being cautious of suspicious phone numbers
- Try clicking only URLs with clear website domains
- Finally you should use safe browsing and filtering tools along with appropriate firewalls.
Furthermore, “Ensure that websites have valid encryption certificates by checking for the green lock in the browser’s address bar before entering sensitive information, such as personal details or account login information,” CERT concluded.
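The advice to block the listed URLs can also be applied to logs already collected. The Python below is an added example, not part of the CERT-In advisory or of this article: it refangs the two indicators quoted above and flags matching hosts in a constructed DNS query log. The log format, the function names and the choice to drop a leading "www." are assumptions.

```python
from urllib.parse import urlsplit

# The two indicators quoted in the article, kept defanged in the source.
ADVISORY_INDICATORS = [
    "crowdstrikeoutage[.]info",
    "http://www.crowdstrike0day[.]com",
]

def to_hostname(indicator):
    """Refang a defanged indicator and reduce it to a lowercase hostname."""
    text = indicator.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare domain as a host
    host = (urlsplit(text).hostname or "").lower().rstrip(".")
    # Assumption: drop a leading "www." so the whole domain is covered.
    return host[4:] if host.startswith("www.") else host

def build_blocklist(indicators):
    return {h for h in map(to_hostname, indicators) if h}

def is_blocked(host, blocklist):
    """True if host is a blocked domain or a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole-label suffixes only, so lookalike names do not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def flag_log_lines(lines, blocklist):
    """Return (client, host) for each log line that queried a blocked host."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        client, host = parts[1], parts[2]
        if is_blocked(host, blocklist):
            hits.append((client, host.lower().rstrip(".")))
    return hits

HOSTS = sorted(build_blocklist(ADVISORY_INDICATORS))
# Constructed sample DNS query log: "<timestamp> <client-ip> <queried-name>".
# Blocked names are assembled at runtime so the source stays defanged.
SAMPLE_LOG = [
    "2024-07-20T09:14:02Z 10.0.4.17 www.crowdstrike.com",
    f"2024-07-20T09:15:40Z 10.0.4.23 WWW.{HOSTS[0]}.",
    f"2024-07-20T09:16:11Z 10.0.4.31 portal.{HOSTS[1]}",
    f"2024-07-20T09:17:00Z 10.0.4.17 {HOSTS[1]}.example",
]

if __name__ == "__main__":
    for client, host in flag_log_lines(SAMPLE_LOG, set(HOSTS)):
        print(f"{client} queried blocked host {host}")
```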
