On July 18th newsrooms were buzzing about the Crowdstrike outage that was wiping out flights, medical procedures, and grocery store systems. Was it caused by a major cyber security breach? How long will the outage last? Media outlets scrambled to find the answers for communities affected by these outages.

Meanwhile, even though the outage was apparently caused by an accidental misconfiguration at Crowdstrike, cyber scammers were hard at work within a day, preparing their attacks, while businesses and individuals were at their most vulnerable. In today’s blog, we will review the Crowdstrike outage, what caused it, and the scams that came with the aftermath. Let’s get into it. 

What happened?

Crowdstrike is a major cyber security firm that specializes in a cloud-based security platform. One of their most significant clients is technology giant, Microsoft, which provides software to other large enterprises around the world including travel, medical, and government organizations. 

Trouble began when Crowdstrike released an update to their Falcon sensor, which resulted in a logic error that caused massive disruptions to the Microsoft platform. These issues then trickled down to Microsoft customers including major airlines, Delta, and healthcare giant, Pfizer. 

Photo by Maksym Zakharyak on Unsplash

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

It is reported that 175 Fortune 500 companies were impacted by this outage, losing $44 million each, on average. However, the impact went beyond these giant companies, as urgent surgeries and about 2,800 flights were cancelled in the US alone, impacting families and businesses. 

Was the Crowdstrike outage caused by a cyber security incident?

Despite the widespread speculation, the CrowdStrike outage was not caused by a cyber attack. It was an internal error due to a faulty update. However, the chaos it caused created an opportunity for cyber criminals to launch their own attacks, leveraging the confusion to trick unsuspecting victims.

Crowdstrike scams

In the aftermath of the outage, cyber criminals pounced on the opportunity to take advantage of customers while they were distraught and customer service abilities were limited. The following scams emerged in the days and weeks after:

• Phishing Attacks: Cyber criminals sent emails posing as CrowdStrike or other IT support services, offering fixes or updates to individuals and employees impacted by the outages. Cyber criminals would often lure individuals to click on malicious links or open attachments for “help” with the outage, but then steal credentials or deploy malware.
• Fake Websites: Scammers created cloned websites mimicking Crowdstrike’s official site, offering fraudulent solutions or updates to fix the outage. These sites often collected sensitive information or distributed malware.
• Social Media Scams: On platforms like Twitter and LinkedIn, fake accounts claiming to be Crowdstrike representatives offered assistance, directing users to malicious sites or requesting personal or financial information from individuals. 

How to stay vigilant 

In light of such incidents, it’s crucial to adopt a vigilant approach and remind your employees to have a vigilant approach to cyber security. Make sure you are taking these precautions during outages or any scenario where tensions are high:

1. Verify sources of emails, texts and voice calls: Always verify the sender’s email address and website URL before clicking on any links or providing any information. Even texts and voice calls can be faked to create pretexts for scams. Take a look at Crowdstrike’s official website and note down their official domain. Official communications from Crowdstrike or any other company will come from the same domain. 
2. Be skeptical of unsolicited offers: If you receive unexpected offers of help or solutions, especially those that ask for sensitive information or immediate action, be skeptical and cross-check with official sources.
3. Be calm: Although situations like these cause panic, try your best to stay calm and not take drastic actions based on emotional responses. Remember to stop and take a breath, act slowly, think twice before taking an action. Reminding your employees to slow down and be vigilant, can also help them stay calm during the chaos and make better security decisions.  
4. Host an Emergency Meeting: If you are a security manager, consider taking the time to call an emergency meeting if your team is affected by a major outage like this one, or set aside 5 minutes of a meeting already scheduled to address the outage. Remind all employees that their guard needs to be up at all times, as scammers are on the move during these stressful times. Offer your guidance and have open office hours for individuals to come to you for help during this type of crisis. 
5. Stay Updated: Follow official updates from vendors and trusted cyber security sources to stay informed about the latest developments and recommended actions. Consider sending all updates in your organization’s #security channel or other communication channel to keep all employees informed. 

The CrowdStrike outage of July 2024 highlighted the vulnerabilities that can arise from even well-established cyber security firms. While the outage was not a result of a direct cyber attack, the following scams demonstrated the opportunistic nature of cyber criminals. By staying vigilant, verifying sources, and educating yourself and your employees, you can better protect against such threats in the future. Stay informed and always approach unsolicited communications with caution to safeguard your digital assets.