Compliance & Risks
Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike
On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.
This is an extremely unfortunate situation for those affected, and we hope for a speedy remediation and recovery for all those involved.
While many eyes will be focused on the recovery of their Windows environment, it is important to remember to diligently monitor your non-Windows environments, as adversaries can take advantage of distracted teams. Our research team is constantly watching the general landscape to see if threat actors are taking advantage in any way and will share any significant developments here.
In the quest to stay a step ahead of the bad guys, sometimes software is pushed quickly. And the nature of software is that there are sometimes bugs. It is important to have processes in place to catch and mitigate bugs quickly, and to evolve software deployment processes to avoid impacting an entire global customer base simultaneously.
At Trend, we have a variety of resilience strategies based on our own experiences that we continually enhance across our people, process, and technology. We take a ring deployment approach that allows us to roll out software updates in batches starting with our own internal deployment, and then to groups of customers to limit exposure if issues are found. Additionally, we have blue screen of death (BSOD) monitoring and operational capabilities to rollback affected builds rapidly.
Trend continues to be on standby to help and we will continue to monitor the situation and provide updates from our research team in this blog.
Current threat activities seen or concerned aboutUpdated: July 20 at 9:00 pm CT
An example of a technical support scam, this one claiming to provide assistance to affected organizations, can be seen below:
This tech support scam can be found at crowdstrikebluescreen[.]com.
Legal scams involving this incident have also been seen:
This legal scam was found at crowdstrikeclaim[.]com.
Updated: July 19 at 4:00 pm CT
Per our comment above, adversaries take advantage of these incidents to target victims with a multitude of attacks. We recommend you be on the lookout for:
- Phishing emails using the incident as a lure to click a link or open an attachment
- Technical support scams
- Adversaries targeting your non-Windows infrastructure
An example of a technical support scam is one recently found:
On 2024-07-18, CrowdStrike deployed a defective update that leads to Windows machines running CrowdStrike Falcon being stuck in an endless boot loop (or BSOD).
This program fixes that, and removes the defective updates from a Windows machine. The program is portable, without any dependencies, and can be used on USB flash drives, too.
PAYMENT
Product Type Supported Architectures Price Windows binary amd64 / x86 500.000 EUR Source Code (go) any 1.000.000 EUR
Wallet address: 0x1AEAe8c6F600d85b3b676ac49bb3816A4eB4455b
Accepted payment options: BTC or ETH
This comes from a crypto scam site: fix-crowdstrike-apocalypse[.]com.