KUALA LUMPUR – The Malaysia Computer Emergency Response Team (MyCert) has reported an increase in phishing attacks following the global IT outage caused by a CrowdStrike software update yesterday.
The government cybersecurity agency said cybercriminals are exploiting the outage by registering phishing domains, standing up command-and-control (C2) servers and IP addresses, and distributing malware binaries.
“These attacks are potentially crafted to deceive users into divulging sensitive information and installing malicious software in the midst of the recent CrowdStrike incident,” the agency said in a statement.
Domain phishing involves creating fraudulent websites that mimic legitimate ones in order to deploy malware and steal user credentials such as usernames and passwords.
MyCert noted that some of these phishing sites demand payment to "resolve" CrowdStrike-related issues, while the C2 servers are used to control compromised devices and exfiltrate data.
Regarding malware, the agency explained that malicious payloads are often delivered through websites or emails to infect devices.
Latest malicious code detected
MyCert also revealed it has detected new malicious code attacks disguised as software updates for CrowdStrike.
“These malicious codes, which were named RemCos, are a type of Trojan (virus) which is capable of accessing user computers’ documents and audio as well as stealing lists of passwords belonging to users of the ‘infected’ computers,” it said.
MyCert advised organisations to strengthen their defences against the surge in phishing domains, C2 IP addresses, and malware binaries by monitoring for, and blocking, the Indicators of Compromise (IoCs) it has provided.
“Generally, CyberSecurity Malaysia advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.”
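The advisory above amounts to three checks: match the published domains and IP addresses against DNS and proxy logs, match the published file hashes against anything downloaded as a "CrowdStrike update", and watch for lookalike domains that carry the vendor's name. The following script is an added example of that matching and is not MyCert's code or its IoC list; every domain, IP address, hash and log line in it is constructed (documentation ranges and a placeholder blob), the comma-separated feed format and the `query=` / `dst=` log fields are assumed, and the allowlist of legitimate vendor domains is a placeholder to be replaced in a real deployment.

```python
"""IoC matching over DNS/proxy log lines and downloaded files.

Added example, not MyCert's code or its published IoC list: every domain,
IP address, hash and log line here is constructed for illustration.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed stand-in for a malicious "update" binary (a few bytes, not real malware).
FAKE_UPDATE_BLOB = b"MZ\x90\x00constructed-fake-crowdstrike-installer"

# Constructed IoC feed in the type,value shape advisories commonly use.
IOC_FEED = f"""\
# type,value
domain,crowdstrike-update.example
domain,fix-crowdstrike-bsod.example
ip,203.0.113.45
ip,198.51.100.0/24
sha256,{hashlib.sha256(FAKE_UPDATE_BLOB).hexdigest()}
"""

# Constructed DNS/proxy log lines (documentation address ranges only).
LOG_LINES = """\
2024-07-20T08:01:12Z host=ws-17 query=www.crowdstrike.com rcode=NOERROR
2024-07-20T08:02:40Z host=ws-17 query=crowdstrike-update.example rcode=NOERROR
2024-07-20T08:02:41Z host=ws-17 dst=203.0.113.45:443 bytes=1932
2024-07-20T08:03:05Z host=ws-22 query=cdn.fix-crowdstrike-bsod.example rcode=NOERROR
2024-07-20T08:04:19Z host=ws-22 dst=198.51.100.77:8080 bytes=50211
2024-07-20T08:05:00Z host=ws-31 query=crowdstrike.com.support-portal.example rcode=NOERROR
2024-07-20T08:05:30Z host=ws-31 dst=192.0.2.10:443 bytes=400
"""

# Assumed allowlist of the vendor's genuine domains; adjust for your environment.
LEGIT_DOMAINS = {"crowdstrike.com"}


@dataclass
class IocSet:
    domains: set = field(default_factory=set)
    networks: list = field(default_factory=list)
    hashes: set = field(default_factory=set)


def parse_iocs(text):
    """Parse a type,value feed; single IPs become /32 networks so one check covers both."""
    ioc = IocSet()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "," not in line:
            continue
        kind, value = (s.strip().lower() for s in line.split(",", 1))
        if kind == "domain":
            ioc.domains.add(value.rstrip("."))
        elif kind == "ip":
            ioc.networks.append(ipaddress.ip_network(value, strict=False))
        elif kind == "sha256":
            ioc.hashes.add(value)
    return ioc


def domain_matches(name, ioc):
    """True for an exact IoC domain or any subdomain of one (cdn.evil.example hits evil.example)."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in ioc.domains for i in range(len(labels)))


def is_lookalike(name):
    """Vendor name embedded in a host that is not under an allowlisted domain."""
    name = name.lower().rstrip(".")
    under_legit = any(name == d or name.endswith("." + d) for d in LEGIT_DOMAINS)
    return (not under_legit) and "crowdstrike" in name


def ip_matches(addr, ioc):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ioc.networks)


def is_known_malware(blob, ioc):
    """Compare the SHA-256 of a downloaded file against the feed's hashes."""
    return hashlib.sha256(blob).hexdigest() in ioc.hashes


QUERY_RE = re.compile(r"\bquery=(\S+)")
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})")  # IPv4 only; the port is left out


def scan_logs(text, ioc):
    """Return (category, indicator, line) for every log line that hits an IoC or a lookalike."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            name = m.group(1)
            if domain_matches(name, ioc):
                hits.append(("ioc-domain", name, line))
            elif is_lookalike(name):
                hits.append(("lookalike-domain", name, line))
        m = DST_RE.search(line)
        if m and ip_matches(m.group(1), ioc):
            hits.append(("ioc-ip", m.group(1), line))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(IOC_FEED)
    for category, indicator, line in scan_logs(LOG_LINES, iocs):
        print(f"{category:17} {indicator:45} {line}")
    print("update blob flagged:", is_known_malware(FAKE_UPDATE_BLOB, iocs))
```

Two design points matter in practice. Domain matching walks every parent suffix so that a subdomain of a listed domain still hits, and IoC IPs are stored as networks so a single address and a CIDR range are checked the same way. The lookalike check is deliberately separate from the IoC match: it catches domains the feed does not yet list, but it is a heuristic that will flag benign third-party hosts that mention the vendor, so treat those hits as leads for review rather than automatic blocks.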
Microsoft reported that it had identified the root cause of the outage and restored most affected services, though some customers may still experience issues.
The outage affected various Microsoft 365 services, including Teams, and was linked to a faulty CrowdStrike update on Windows 10 machines.
CrowdStrike, an American cybersecurity technology company based in Austin, Texas, provides workload and endpoint security, threat intelligence, and cyberattack response services.
The outage impacted several major companies globally, including news outlets, airlines, and airports. – July 20, 2024