
Malware Attacks Alert - Malicious Malware Activities in the Theme of CrowdStrike Outage Event

Release Date: 25 Jul 2024

Type: Malware

Malware Attacks Alert

Current Status and Related Trends

On July 19, 2024, an issue in a single content update for the CrowdStrike Falcon sensor software affecting Microsoft Windows operating systems was identified; official fixes have since been released by both CrowdStrike and Microsoft. News reports indicate that threat actors have been using this event to leverage further cyber attacks.


Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has found reports that criminals continue to evolve their attack tactics. These include fake CrowdStrike recovery manuals, fake remediation solutions and fake software updates used to deliver unidentified malware, which could lead to sensitive data leakage, system crashes and data loss. Based on the available information, HKCERT has observed the following tactics for spreading malware that take advantage of this incident:


  • Fake recovery manual
    A new type of malware is spreading through Word documents that contain macros. These documents pose as Microsoft recovery guides to trick people into opening them. Once opened, the macros run and begin stealing sensitive information such as passwords, which is then sent to the attacker's server.
  • Fake remediation solutions
    Phishing sites and fake intranet portals are used to promote a fake CrowdStrike hotfix. The fake hotfix delivers a malware loader, which then drops a remote access tool that lets the attackers control the infected system.
  • Fake CrowdStrike update
    Phishing emails include a link to download a ZIP file containing an executable named 'Crowdstrike.exe'. When executed, it extracts a "data wiper" to a folder under "%Temp%" and launches it to destroy data stored on the device.

HKCERT urges the public to be vigilant against these phishing attacks and recommends that users:


  • Apply remediation methods provided by official websites (such as the remediation methods provided by CrowdStrike)
  • Obtain software patches and updates from trusted sources (such as the recovery tool provided by Microsoft)
  • Check the website certificate of the download page to ensure the source is legitimate, and avoid executing files from untrusted sources.
  • Use browser settings to enable download protection, which can warn about potentially harmful websites or downloads.
  • Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls by email address, URL or IP address, etc.
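The second and third recommendations above (obtain updates only from a trusted source and confirm the download page is legitimate) can be turned into a repeatable check rather than a judgement made under pressure. The script below is an added example written for this alert, not HKCERT's or any vendor's tool: it accepts a download only when the URL uses HTTPS, the host exactly matches an allowlist, and the SHA-256 of the received bytes equals the hash the publisher advertises. The allowlist, the tool bytes and the "published" hash are constructed for the example; the lookalike host uses the reserved .example domain.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Hypothetical allowlist of publisher hosts an organisation accepts recovery tools from.
TRUSTED_HOSTS = {"www.crowdstrike.com", "www.microsoft.com"}

# Constructed stand-in for a recovery tool and the hash its publisher would advertise.
TOOL_BYTES = b"constructed recovery tool payload for the example"
PUBLISHED_SHA256 = hashlib.sha256(TOOL_BYTES).hexdigest()


def is_trusted_url(url: str) -> bool:
    """Require HTTPS and an exact host match; subdomain and userinfo tricks fail this test."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in TRUSTED_HOSTS


def verify_download(url: str, data: bytes, expected_sha256: str) -> tuple:
    """Return (accepted, reason). Source is checked first, then file integrity."""
    if not is_trusted_url(url):
        return (False, "untrusted source")
    digest = hashlib.sha256(data).hexdigest()
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        return (False, "hash mismatch")
    return (True, "ok")


if __name__ == "__main__":
    checks = [
        ("https://www.microsoft.com/recovery-tool.zip", TOOL_BYTES),
        ("http://www.microsoft.com/recovery-tool.zip", TOOL_BYTES),          # plain HTTP
        ("https://www.microsoft.com.crowdstrike-fix.example/tool.zip", TOOL_BYTES),  # lookalike
        ("https://www.crowdstrike.com@crowdstrike-fix.example/hotfix.zip", TOOL_BYTES),  # userinfo
        ("https://www.microsoft.com/recovery-tool.zip", TOOL_BYTES + b"x"),  # tampered file
    ]
    for url, data in checks:
        print(url, verify_download(url, data, PUBLISHED_SHA256))
```

Only the first case is accepted. The host check uses urlparse's hostname, so a URL that places a trusted name in the userinfo part or as a subdomain of an attacker-controlled domain is rejected, and a file whose bytes differ by even one byte from the published version is rejected as a hash mismatch. This complements, rather than replaces, checking the site certificate in the browser.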


If a member of the public encounters a malware attack, HKCERT recommends that users:


  • Immediately disconnect from the network to prevent further spread of the malware
  • Conduct a comprehensive system scan to identify and remove any malicious software
  • Restore from a backup (such as an external hard drive) to recover lost or compromised data
  • Install security software to safeguard against future attacks