The CrowdStrike Outage is Just the Start
Since early Friday morning in the US, organizations around the world have been struggling to recover from “the largest IT outage in history,” attributed to an update pushed by CrowdStrike to its Falcon sensor. If your organization is affected, follow CrowdStrike’s guidance here.
Successful recovery of IT systems will only be the first hurdle for security organizations. As we’ve seen countless times over the years, attackers will certainly use the disruption and public awareness of this issue to further their attacks.
Starting now and for at least the next month, all organizations should be in a heightened state of vigilance for phishing emails purporting to be from, or affiliated with, CrowdStrike.
The US Cybersecurity & Infrastructure Security Agency (CISA) previously released tips for end users to recognize phishing emails, which include:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like “coaIfire.com”
If you’re looking at that last bullet and wondering what’s wrong with that URL, look more closely. What looks like a lowercase “L” is actually an uppercase “i.” This is a type of typosquatting attack that threat actors frequently use to make it more difficult for users to spot phishing emails.
Another typosquatting tactic is to take the original domain and add words or other characters to make the email seem legitimate. As an example, we queried the Internet Corporation for Assigned Names and Numbers (ICANN) earlier this morning, and noted the following domains were registered today (7/19):
- crowdstrikeoutage[.]com
- crowdstrikebluescreen[.]com
- crowdstrikefix[.]com
This doesn’t mean these specific domains are malicious, nor is this an exhaustive list – there are certainly more to come. It is, however, an early indicator of the heightened attention in this area.
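The two lookalike patterns described above (a visually confusable character, and the brand name with extra words appended) can be screened for in mail-filtering or domain-monitoring workflows. The following Python is an added example, not Coalfire's, CISA's or CrowdStrike's tooling; the brand watchlist, the confusables map and the function names are assumptions made for illustration.

```python
# Added example: flag lookalike domains for a watchlist of brand names.
# BRANDS and CONFUSABLES are assumptions chosen for this illustration.
BRANDS = {"crowdstrike", "coalfire"}

# Small, non-exhaustive map of characters that render like another character.
CONFUSABLES = {"I": "l", "1": "l", "0": "o"}


def skeleton(text):
    """Collapse visually confusable characters, then lowercase."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).lower()


def registered_label(domain):
    """Return the label left of the TLD, case preserved.

    Simplification: assumes a single-label TLD such as .com; production code
    should consult the Public Suffix List.
    """
    labels = domain.replace("[.]", ".").strip(".").split(".")  # refang
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(domain, brands=BRANDS):
    """Return (verdict, brand); verdict is exact, homoglyph, combo or None."""
    label = registered_label(domain)
    if label.lower() in brands:
        return ("exact", label.lower())
    skel = skeleton(label)
    for brand in sorted(brands):
        brand_skel = skeleton(brand)
        if skel == brand_skel:
            return ("homoglyph", brand)   # same shape, different characters
        if brand_skel in skel:
            return ("combo", brand)       # brand plus appended words
    return (None, None)


# Constructed sample input: the domains quoted in the article plus controls.
SAMPLES = ["coaIfire.com", "coalfire.com", "crowdstrikeoutage[.]com",
           "crowdstrikebluescreen[.]com", "crowdstrikefix[.]com", "example.org"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:32} {classify(d)}")
```

A `combo` verdict is a triage signal rather than proof of malice, consistent with the caveat above about the newly registered domains.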
If you’re unsure of how ready your organization is to defend against threat actors likely to use these tactics, techniques, and procedures, Coalfire is here to help. Contact us here for phishing services, adversary simulation, threat hunting, and more proactive threat-centered programs.