The Indian cybersecurity agency CERT-In has reported that users affected by the recent global computer outage are now being targeted by phishing attacks. Fraudsters are posing as CrowdStrike support staff, offering system recovery tools but instead installing malware.
A CERT-In advisory issued on Saturday warns that these attacks could trick users into installing unidentified malware, potentially causing data leaks and system crashes. The global computer outage on July 19, caused by a faulty update to the CrowdStrike Falcon Sensor software, crashed Windows machines, grounded flights, and disrupted business, banking, and hospital systems across the globe, as per a report from PTI.
While systems have since been restored with fixes from Microsoft and CrowdStrike, hackers are selling software scripts that claim to automate recovery. CERT-In noted that these attackers are also distributing Trojan malware disguised as recovery tools.
How Do These Phishing Attacks Work?
Phishing attacks include scammers mimicking reputable entities through email, texts, or phone calls to trick victims into revealing sensitive personal information, such as banking details and login credentials.
CERT-In has advised users and organizations to configure firewalls to block 31 types of URLs, including 'crowdstrikeoutage[.]info' and 'www.crowdstrike0day[.]com', as well as several file hashes.
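Advisories publish indicators in defanged form (the `[.]` notation above) so they cannot be clicked by accident; before they can feed a firewall or proxy blocklist they have to be refanged and normalised. The following is an added example, not part of the CERT-In advisory or this article, that refangs the two domains quoted above, builds a blocklist that also covers their subdomains, and runs it over a few constructed proxy log lines (the log format and IP addresses are assumptions):

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as quoted in the advisory text on this page.
ADVISORY_INDICATORS = ["crowdstrikeoutage[.]info", "www.crowdstrike0day[.]com"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into a matchable form."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), s)
    return s

def host_from(value: str) -> str:
    """Extract the hostname from a bare domain or a full URL (defanged or not)."""
    v = refang(value)
    if "://" not in v:
        v = "//" + v  # let urlsplit treat a bare domain as a network location
    return urlsplit(v).hostname or ""

def build_blocklist(indicators):
    return {host_from(i) for i in indicators}

def is_blocked(url: str, blocklist) -> bool:
    """Match the exact host or any subdomain of a blocklisted host."""
    host = host_from(url)
    return any(host == b or host.endswith("." + b) for b in blocklist)

def scan_proxy_log(lines, blocklist):
    """Return (client_ip, url) for every log line whose URL hits the blocklist."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client_ip, url = parts[1], parts[2]
        if is_blocked(url, blocklist):
            hits.append((client_ip, url))
    return hits

# Constructed sample proxy log lines (timestamp client_ip url); not real traffic.
# Note that the legitimate crowdstrike.com entry must not match the lookalike domain.
SAMPLE_LOG = [
    "2024-07-20T09:12:01Z 10.0.0.15 https://www.crowdstrike0day.com/fix.zip",
    "2024-07-20T09:12:05Z 10.0.0.22 https://www.crowdstrike.com/blog/",
    "2024-07-20T09:13:40Z 10.0.0.15 http://cdn.crowdstrikeoutage.info/recover.exe",
    "2024-07-20T09:14:02Z 10.0.0.31 https://support.microsoft.com/",
]

if __name__ == "__main__":
    for ip, url in scan_proxy_log(SAMPLE_LOG, build_blocklist(ADVISORY_INDICATORS)):
        print(f"BLOCKED {ip} -> {url}")
```

Because the advisory lists `www.crowdstrike0day[.]com` with its `www` label, an operator would normally also add the bare registrable domain so that other hostnames under it are caught.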
The advisory also recommends several trusted cyber hygiene practices: getting software patch updates from authentic sources, avoiding documents with ".exe" links, being cautious of suspicious phone numbers, clicking only URLs with clear website domains, and using safe browsing tools along with appropriate firewalls.
"Ensure that websites have valid encryption certificates by checking for the green lock in the browser's address bar before entering sensitive information, such as personal details or account login information," the advisory adds.
Microsoft Could Bring Surprising Changes To Curb Outages
The recent IT outage wasn’t just bad for CrowdStrike, but also a wake-up call for Microsoft. To avoid such instances in the future, Microsoft could take some serious steps, as it is evaluating blocking third-party security software from accessing the Windows Kernel, according to a blog post by John Cable, VP of program management for Windows servicing and delivery.
If this change were to be put in place, the restriction would mirror Apple's 2020 move, which restricted third-party software's access to its core OS. The change arrived with macOS Big Sur, ensuring that every system partition containing the core OS is cryptographically verified, down to every last file.
The goal is to curb third-party entities that could melt down the whole system.
But this change isn’t easy to pull off. The company tried doing the exact same thing in 2006 with Windows Vista, curbing third parties from having Kernel access. However, the plan failed due to resistance from EU regulators and complaints from cybersecurity vendors.