Malware Attacks Alert - Malicious Malware Activities in the Theme of CrowdStrike Outage Event

Release Date: 25 Jul 2024 631 Views

Type: Malware

Malware Attacks Alert

Current Status and Related Trends

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor software impacting Microsoft Windows operating systems was identified, official fix has been released from both CrowdStrike and Microsoft. News has indicated that threat actors have been using the mentioned event to leaverage further cyber attacks.

 

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) found reports that criminals continue to evolve their attack tactics. Those include using fake CrowdStrike recovery manuals, fake remediation solutions and fake software updates to deliver unidentified malware, which could lead to sensitive data leakage, system crashes, and data loss. According to related information, HKCERT has observed the following attack tactics to spread malware that are taking advantage of this incident:

 

  • Fake recovery manual
    A new type of malware is spreading through Word documents that contain macros. These documents pretend to be Microsoft recovery guides to trick people into opening them. Once opened, the macros activate and start stealing sensitive information like passwords. This stolen information is then sent to the attacker's server.
  • Fake remediation solutions
    Through phishing sites and fake intranet portals to promote fake CrowdStrike hotfix. Fake hotfix delivered a malware loader then dropped a remote access tool that can be controlled by hackers on the infected system.
  • Fake CrowdStrike update
    Phishing emails included a link to download a ZIP file that contained an executable named 'Crowdstrike.exe'. After being executed, "data wiper" was extracted to a folder under "%Temp%"and launched to destroy data stored on the device.

HKCERT urges the public to be vigilant against the phishing attacks and recommends that users should:

 

  • Apply remediation methods provided by official websites (Such as remediation methods provided by CrowdStrike)
  • Obtain software patch update from trusted source (Such as recovery tool provided by Microsoft)
  • Check website certificates on download page to ensure legitimate source, avoid executing files from untrusted source.
  • Use browser settings to enable download protection which can issue warnings about potentially harmful websites or downloads.
  • Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.

 

If the public encounter a malware attack, HKCERT recommends that users should:

 

  • Immediately disconnect from the network to prevent further spread of the malware
  • Conduct a comprehensive system scan to identify and remove any malicious software
  • Restore from a backup (such as an external hard drive) to recover lost or compromised data
  • Install security software to safeguard against future attacks

Related Tags

MalwareRisk AlertCrowdStrike

Share with

Related Link

CrowdStrike Denial of Service Alert

19 Jul 2024

|

2311 Views

CrowdStrikeDenial of Service
Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer

23 Jul 2024

|

421 Views

CrowdStrike
Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

24 Jul 2024

|

383 Views

CrowdStrike
Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

24 Jul 2024

|

366 Views

CrowdStrike
Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

24 Jul 2024

|

248 Views

CrowdStrike

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY