Questions? +1 (202) 335-3939 Login
Trusted News Since 1995
A service for global professionals · Monday, November 11, 2024 · 759,491,054 Articles · 3+ Million Readers

ANY.RUN Shares Report on Threats Exploiting Recent CrowdStrike Outage

DUBAI, UNITED ARAB EMIRATES, July 23, 2024 /EINPresswire.com/ -- ANY.RUN, a provider of interactive sandbox and threat intelligence solutions, has released a report detailing the cyber threats exploiting the recent CrowdStrike outage. The report identifies two main sources of threats: fake websites imitating CrowdStrike's official domain name and malware disguised as updates or bug fixes.

𝐂𝐫𝐨𝐰𝐝𝐒𝐭𝐫𝐢𝐤𝐞 𝐎𝐮𝐭𝐚𝐠𝐞 𝐎𝐯𝐞𝐫𝐯𝐢𝐞𝐰

On July 18, CrowdStrike, a well-known cybersecurity firm, released a faulty update that affected millions of Windows users worldwide. This led to a global outage and significant disruptions, causing users to encounter blue screens of death (BSODs) on their devices.

As users and organizations searched for a solution, cybercriminals seized the opportunity to exploit the situation.

𝐅𝐚𝐤𝐞 𝐖𝐞𝐛𝐬𝐢𝐭𝐞𝐬 𝐏𝐫𝐞𝐭𝐞𝐧𝐝𝐢𝐧𝐠 𝐭𝐨 𝐛𝐞 𝐂𝐫𝐨𝐰𝐝𝐒𝐭𝐫𝐢𝐤𝐞

Following the outage, many websites were created with domain names similar to CrowdStrike's official domain. While some were harmless, others were used for phishing attempts.

ANY.RUN's data shows that the highest number of newly-created fake domains appeared on the first day after the outage. Using ANY.RUN's Threat Intelligence Lookup service, analysts identified over 60 fake domains, which are listed in their report.

𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐃𝐢𝐬𝐠𝐮𝐢𝐬𝐞𝐝 𝐚𝐬 𝐔𝐩𝐝𝐚𝐭𝐞𝐬

ANY.RUN observed an increase in campaigns spreading malware as updates. One early example was an archive containing Hijackloader, disguised as a CrowdStrike bug fix. When victims opened the file, it installed Remcos, a remote control malware, on their systems.

𝐀 𝐅𝐚𝐤𝐞 𝐂𝐫𝐨𝐰𝐝𝐒𝐭𝐫𝐢𝐤𝐞 𝐅𝐢𝐱 𝐖𝐢𝐩𝐞𝐬 𝐔𝐬𝐞𝐫𝐬' 𝐃𝐚𝐭𝐚

One of the most sophisticated attacks discovered by ANY.RUN involved a data wiper distributed through a CrowdStrike-themed phishing email and PDF attachment.

The attachment contained an executable that, when launched, asked the user if they wanted to install the update. Upon launching, the wiper erased the system by overwriting files with zero bytes and then reported the successful attack via Telegram.

For the complete report, visit ANY.RUN's blog.

𝐑𝐞𝐜𝐨𝐦𝐦𝐞𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬

ANY.RUN urges users and organizations to remain cautious and verify all updates or hotfixes before installing them. To ensure accurate information and guidance, it is essential to follow CrowdStrike's official statements.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN is a trusted cybersecurity service used by over 400,000 professionals. It provides an interactive sandbox for simplified malware analysis on Windows and Linux systems, as well as threat intelligence tools like TI Lookup, Yara Search, and Feeds to help users quickly identify IOCs or files, understand threats, and respond to incidents.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
X

Powered by EIN Presswire

Distribution channels: Business & Economy, Companies, IT Industry, Technology

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Submit your press release