Following the worldwide IT outage on Friday 19th July, caused by a faulty CrowdStrike anti-virus software update, it was no surprise that cybercriminals jumped at the chance to trick anyone needing advice or help to reboot their laptops and devices.

In the hours and days after the incident that caused an estimated 8.5 million computers to show the blue screen of death, CrowdStrike had to contact thousands of customers around the world. So, criminals did the same – they contacted CrowdStrike’s customers. Impersonating someone else by email or phone is something many of them know how to do very well – and in this case plenty of innocent people believed they were being helped by the security vendor’s support staff.

Phishing for information

Although cyber-attacks are increasing in sophistication – especially those conducted by nation states – the most common methods used remain the simplest. Phishing is still the favoured technique. This is when cybercriminals send fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like usernames and passwords, and debit and credit card numbers. Financially motivated criminals will almost always go for the easy options to make money fast, but they sometimes see an opportunity to gain extra information from an unsuspecting contact.

However, if posing as legitimate CrowdStrike technical staff didn’t work, some pretended to be independent experts. Instead of offering the straightforward fix that the IT vendor recommended, these perpetrators tried to convince anyone who would listen that the outage was indeed caused by a cyber-attack and that they could fix it for them.

Typosquatting tricks of the trade

In the aftermath of the IT outage, malicious individuals would have registered domain names that are misspellings of popular websites, to trick users into visiting dodgy sites. This trick is called typosquatting. When visiting websites or clicking on links, few people carefully read the complete web address to check it’s genuine. This is especially true when they are in a rush to get their computers working again. And, if they receive an email from someone they believe is an authentic source, they’ll trust the links without question.

Akamai, a security research firm, has listed almost 200 such domains on the Microsoft-owned GitHub website in the first two weeks following the IT outage. The risk is that people trust these websites and innocently download software from them that they think might help solve their technical issues.

The most convincing fake sites showed the CrowdStrike logo and branding and included ‘crowdstrike’ in the URL with the .com suffix. In addition, they sometimes contained ‘microsoft’, ‘helpdesk’, or ‘fix’. It’s highly likely that these types of attacks will continue beyond the point when all the impacted devices have been rebooted.
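As an added illustration (not code from the original post or from Quorum Cyber), the check below classifies observed URLs as legitimate, lookalike or unrelated using the two signals the post describes: brand words such as ‘crowdstrike’, ‘microsoft’, ‘helpdesk’ or ‘fix’ appearing in a non-allowlisted host, and close misspellings of the genuine domain. The allowlist, the edit-distance budget and the sample URLs are assumptions constructed for this example, not real indicators.

```python
# Added example (not from the original post): classify observed hostnames as
# legitimate, lookalike or unrelated relative to a small allowlist of brands.
# Sample URLs below are constructed for this illustration, not real indicators.
from urllib.parse import urlparse

# Assumed allowlist of genuine registrable domains (edit for your estate).
LEGIT_DOMAINS = {"crowdstrike.com", "microsoft.com"}
# Keywords the post says appeared in convincing fake URLs.
BRAND_KEYWORDS = ("crowdstrike", "microsoft", "helpdesk", "fix")
MAX_EDIT_DISTANCE = 2  # assumed typo budget before a name counts as a lookalike


def hostname(url):
    """Extract a lower-cased hostname; tolerates bare hosts without a scheme."""
    parsed = urlparse(url if "://" in url else "//" + url)
    return (parsed.hostname or "").lower().rstrip(".")


def registrable_domain(host):
    """Naive 'last two labels' rule; a real tool should use the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Classic Levenshtein distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one observed URL."""
    host = hostname(url)
    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS:
        return "legitimate"  # the genuine domain and its real subdomains
    # A brand word anywhere in a non-allowlisted host, including subdomain labels.
    if any(word in host for word in BRAND_KEYWORDS):
        return "lookalike"
    # A close misspelling of the registrable name, e.g. one swapped character.
    name = reg.rsplit(".", 1)[0]
    if any(edit_distance(name, legit.rsplit(".", 1)[0]) <= MAX_EDIT_DISTANCE
           for legit in LEGIT_DOMAINS):
        return "lookalike"
    return "unrelated"
```

Run `classify()` over hostnames pulled from proxy or DNS logs; anything returned as ‘lookalike’ is a candidate for blocking or for a closer look by the security team.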

Cyber security basics

According to Microsoft’s Digital Defense Report 2023, basic security hygiene still protects against 99% of attacks. And by enabling multi-factor authentication (MFA), the risk of compromise is also reduced by over 99%.

But it’s important that the business’s employees and contractors have a good degree of cyber awareness and training to always adhere to these principles. The best approach is to instil a culture of cyber security awareness and run regular training sessions for staff to ensure employees aren’t the weakest link but are the first line of defence for the organisation.

Safety in numbers around the clock

The next level of security is to use 24-hour monitoring to keep a constant watch on the entire IT estate. This is what a managed detection and response (MDR) service is for. Quorum Cyber’s MDR is operated by an 80-strong team based entirely in the UK. But they don’t just monitor devices, systems, and networks; they also detect and respond to cyber incidents and remediate the issues. Furthermore, any lessons the team learns from one customer are applied to all other Quorum Cyber customers, ensuring any new threats are quickly mitigated – even without the customer realising they were ever a potential risk.

Find out more

Whatever your cyber security or data security needs, get in touch today to discuss how Quorum Cyber can help protect your organisation’s assets and data from harm.


Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Dubai, UAE Office

Meydan Grandstand
6th floor
Meydan Road
Nad AI Sheba
Dubai, U.A.E

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
