The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the recent CrowdStrike outage, warning that malicious actors are actively exploiting the situation to conduct phishing and other cyber attacks.
CISA’s Key Warnings
CISA emphasized several critical points in their alert:
- Threat actors are taking advantage of the CrowdStrike outage for malicious activities.
- Only follow instructions from legitimate and verified sources.
- Avoid clicking on phishing emails or suspicious links.
- Organizations should remind employees about the risks of phishing emails and suspicious links.
The CrowdStrike Outage and Its Implications
On July 19, 2024, CrowdStrike experienced a significant outage due to a defective content update for Windows hosts. While CrowdStrike has resolved the issue, the incident has created an opportunity for cybercriminals to exploit the situation.
To learn more about the CrowdStrike outage and its implications, connect with a SlashNext security expert.
The Need for a “Trust Nothing, Verify Everything” Approach
In light of CISA’s warnings, organizations must adopt a zero-trust security posture. Traditional methods like URL rewriting and user training, while important, are no longer sufficient on their own. To effectively combat sophisticated phishing attempts exploiting the CrowdStrike outage, organizations should implement:
- Virtual Browser Detonation: Safely execute suspicious links in isolated environments to detect malicious behavior.
- Computer Vision Analysis: Use AI-powered image recognition to identify visual elements commonly associated with phishing attempts.
- Natural Language Processing (NLP): Analyze the content of messages and websites to detect suspicious language patterns indicative of phishing.
- Behavioral Analysis: Monitor user and system behaviors to identify anomalies that may indicate a phishing attack in progress.
- Real-time Threat Intelligence: Leverage up-to-date information on emerging threats related to the CrowdStrike outage.
By combining these advanced technologies, organizations can create a robust defense against the surge of phishing attempts targeting victims of the CrowdStrike outage. This multi-layered approach is essential for detecting and preventing sophisticated attacks that may slip through traditional security measures.
Emerging Threats: Malicious Domains
In the wake of the outage, we’ve observed a surge in suspicious domains attempting to capitalize on the situation. These domains are designed to deceive users and administrators, often posing as official support channels or offering fraudulent fixes for the CrowdStrike-related issues.
Empowering Admins: Block These Domains
To help protect your organization, we’ve compiled a list of potentially malicious domains related to this incident you will want to block. We strongly recommend blocking these domains across your network to mitigate potential risks:
crowdstrike-helpdesk.com crowdstrikebluescreen.com crowdstrike-bsod.com crowdstrikedown.site crowdstrike0day.com crowdstrikedoomsday.com crowdstrikefix.com crashstrike.com crowdstriketoken.com fix-crowdstrike-bsod.com crowdstrike.okta.com/app/coupa/exkqmsghe0qkvea070x7/sso/saml crowdstrike-falcon.online crowdstrikerecovery1.blob.core.windows.net crowdstrikeoutage.com isitcrowdstrike.com crowdstrike.black crowdstrikefix.zip
This list is not exhaustive and may grow as new threats emerge. We recommend continuous monitoring and updating of your blocklists.
How to Use This List
-
Export to Text or CSV: Copy the above list and save it as a .txt or .csv file for easy import into your security tools. We have created more thorough lists for convenience.
-
Update Firewalls and Web Filters: Use this list to update your firewall rules and web filtering solutions to block access to these domains.
-
Configure Email Security: Ensure your email security solutions are configured to block messages containing these domains.
-
Educate Your Team: Share this list with your IT and security teams to increase awareness of these potential threats.
To learn more about domain blocking and using this list, connect with a SlashNext security expert.
Stay Vigilant
Remember, threat actors are employing various tactics beyond just malicious domains. Be wary of:
- Phishing emails posing as CrowdStrike support
- Impersonation attempts via phone calls
- False claims of evidence linking the outage to cyberattacks
- Offers of automated recovery scripts
Conclusion
CISA’s warning about threat actors exploiting this situation for phishing and other malicious activities highlights the urgent need for robust, automated phishing protection. By staying informed and taking proactive measures, we can significantly reduce the risk of falling victim to these emerging threats. At SlashNext, we’re committed to providing you with the latest threat intelligence to keep your organization secure.
Stay vigilant and keep your defenses updated, but remember: manual threat detection and prevention can be overwhelming. That’s where SlashNext comes in. Our advanced AI-powered phishing protection platform can automatically detect and prevent these types of phishing threats in real-time, across all communication channels.
To learn more about how SlashNext can bolster your cybersecurity defenses and provide peace of mind in the face of evolving threats, connect with a SlashNext security expert. Don’t let cybercriminals catch you off guard – empower your organization with SlashNext’s cutting-edge protection.
Remember, when it comes to cybersecurity, an ounce of prevention is worth a pound of cure – and SlashNext is here to provide that prevention.
