Due to CrowdStrike’s most recent update, numerous vital infrastructures and organizations encountered unexpected and serious challenges on Friday. Many devices saw the Blue Screen of Death (BSOD) after the upgrade, making them unusable. The faulty update has been fixed by CrowdStrike, but the potential risks don’t end there.
Following the CrowdStrike update issue, threat actors began to register fake domains in an attempt to use the outage to target enterprises through social engineering attacks. Although these domains aren’t specifically phishing pages, they could nevertheless be used maliciously. Threat actors may disseminate different infections under the pretext of “solutions to fix the problem” or demand payment. They might also request sensitive data in order to reach the “support line.”
The fake website below shows one of the scamming attempts. It presents itself as a support page of CrowdStrike and offer fake services.
Here are some examples of the suspicious domains:
- crowdstrike-bsod[.]com
- crowdstrike-helpdesk[.]com
- crowdstrike0day[.]com
- crowdstrike[.]fail
- crowdstrikebluescreen[.]com
- crowdstrikebsod[.]com
- crowdstrikebug[.]com
- crowdstrikeclaim[.]com
- crowdstrikedoomsday[.]com
- crowdstrikedown[.]site
- crowdstrikefail[.]com
- crowdstrikefix[.]com
- crowdstrikefix[.]zip
- crowdstrikehealthcare[.]com
- crowdstrikeoopsie[.]com
- crowdstrikeoutage[.]info
- crowdstrikereport[.]com
- crowdstriketoken[.]com
- crowdstrikeupdate[.]com
- crowdstrikeupdate[.]com
- fix-crowdstrike-apocalypse[.]com
- fix-crowdstrike-bsod[.]com
- iscrowdstrikedown[.]com
- iscrowdstrikedown[.]com
- isitcrowdstrike[.]com
- microsoftcrowdstrike[.]com
- whatiscrowdstrike[.]com
