CERT-In’s website states, “There are reports of an ongoing phishing campaign targeting CrowdStrike users leveraging this issue.”
The agency detailed several tactics used in the phishing attack, including fraudulent emails posing as CrowdStrike support, phone calls impersonating CrowdStrike personnel, sale of fake software scripts claiming to automate recovery from the update issue, and the distribution of trojan malware disguised as recovery tools.
In essence, this phishing campaign deceives CrowdStrike users with fake emails and calls, bogus recovery software, and malicious malware posing as legitimate recovery tools.
CERT-In warns, “These attack campaigns could entice unsuspected users to install unidentified malware, leading to sensitive data leakage, system crashes, and data loss.”
To safeguard against this phishing campaign, follow these precautions:
- Verify Communications: Always confirm the legitimacy of emails and calls purporting to be from CrowdStrike support by contacting CrowdStrike directly through official channels.
- Avoid Unverified Software: Refrain from downloading or installing software scripts or tools unless they are verified and sourced directly from CrowdStrike.
- Verify official updates: Use updates and recovery tools exclusively from CrowdStrike or Microsoft’s official channels.
- Be Cautious of Links: Avoid clicking on links or downloading attachments from unsolicited emails or messages.
- Utilize security software: Make sure your system is equipped with the latest antivirus and anti-malware programs.
- Report Suspicious Activity: Report any suspicious communications or unusual activity to CrowdStrike and your cybersecurity team immediately.
By adhering to these steps, CrowdStrike users can better protect themselves from the ongoing phishing threat and ensure their systems remain secure.
3.6 Crore Indians visited in a single day choosing us as India’s undisputed platform for General Election Results. Explore the latest updates here!
Published: 29 Jul 2024, 03:45 PM IST
