Following the faulty CrowdStrike Falcon sensor content update of July 19, 2024, which caused widespread Windows outages, Redpoint Cyber Security has been closely monitoring the situation. We have received intelligence from CrowdStrike, CISA, and the UK NCSC that malicious actors are attempting to exploit this incident. As your trusted cybersecurity partner, we are providing this urgent update to help protect your organization.
Current Situation
Threat actors are leveraging the CrowdStrike incident as a lure for various malicious activities:
1. Phishing campaigns impersonating CrowdStrike support
2. Phone calls from individuals posing as CrowdStrike staff
3. Fake “independent researchers” claiming evidence of a cyberattack
4. Sale of fraudulent “recovery scripts”
Identified Threats
Multiple domains impersonating CrowdStrike have been identified. Some do not currently host malicious content, but they are positioned for use in future phishing and social-engineering operations and should be blocked proactively rather than after they go live.
Redpoint Cyber Security’s Response and Recommendations
Verify Communication Channels
- Only communicate with CrowdStrike through official, verified channels.
- Be wary of unsolicited emails, calls, or messages claiming to be from CrowdStrike.
Implement Email Filtering
- Update email filters to flag or block messages from the identified impersonation domains.
- Use the domain list provided with this advisory to strengthen your organization's email security controls.
Employee Education
- Alert your staff about these new phishing and social engineering attempts.
- Conduct an emergency briefing on identifying and reporting suspicious communications.
Network Security
- Use the Falcon LogScale query provided with this advisory to hunt for connections to the impersonation domains and other signs of compromise.
- Block the identified domains at the DNS, proxy, and firewall level.
Patch Management
- Ensure affected hosts have received CrowdStrike's corrected content. The outage was caused by a faulty Falcon sensor channel-file update, not a sensor binary, so recovery means removing or replacing that file as described in CrowdStrike's published guidance, not installing a "patch" from any other source.
- Verify the source of any update or remediation instruction before acting on it. CrowdStrike publishes its remediation steps through its official channels; no legitimate fix is delivered as a third-party "recovery script".
Incident Response Readiness
- Review and update your incident response plan to address these new threats.
- Conduct a tabletop exercise simulating a response to these specific attack vectors.
Third-Party Risk Management
- Alert your partners and vendors about these threats, especially if they use CrowdStrike products.
- Review access privileges for third-party vendors to limit potential damage from a breach.
Enhanced Monitoring
- Increase scrutiny of network traffic, especially communications with unfamiliar domains.
- Monitor for unusual login attempts or account activities that could indicate compromise.
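One way to operationalize the domain blocking and traffic scrutiny recommended under Implement Email Filtering, Network Security, and Enhanced Monitoring, as an added example that is not Redpoint's or CrowdStrike's own tooling and does not reproduce the domain list or LogScale query distributed with this advisory: a small Python hunt that scans proxy or DNS log lines for CrowdStrike lookalike domains. It flags explicit blocklist entries, domains that embed the brand name outside the legitimate crowdstrike.com zone (including "crowdstrike.com" used as a subdomain of another registrable domain), and typosquats within a small edit distance. The blocklist, the key=value log format, and the log lines are constructed for illustration, and the allowlist of a single legitimate zone is an assumption to replace with your own.

```python
"""Hunt DNS/proxy logs for domains impersonating CrowdStrike.

Added example for this advisory; it is not Redpoint's or CrowdStrike's tooling
and does not reproduce the advisory's domain list or LogScale query.
The blocklist, log format, and log lines below are constructed for illustration.
"""
import re

BRAND = "crowdstrike"
# Assumption: this is the only legitimate zone. Use your own allowlist in practice.
LEGIT_ZONE = "crowdstrike.com"
# Constructed stand-in for the blocklist distributed with the advisory.
BLOCKLIST = {"crowdstrike-bsod-fix.example", "crowdstrike-helpdesk.example"}
# Constructed key=value log format; adapt the regex to your proxy/DNS logs.
HOST_RE = re.compile(r"\bhost=(?P<host>\S+)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as crowdstrlke or cr0wdstrike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def normalize(host: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are case-insensitive."""
    return host.strip().lower().rstrip(".")


def is_legit(domain: str) -> bool:
    """True only for the allowlisted zone itself or a host directly under it."""
    return domain == LEGIT_ZONE or domain.endswith("." + LEGIT_ZONE)


def classify(domain: str, blocklist=BLOCKLIST, max_distance: int = 2):
    """Return a reason string if the domain looks like a CrowdStrike lookalike, else None."""
    domain = normalize(domain)
    if is_legit(domain):
        return None
    if domain in blocklist:
        return "blocklisted"
    labels = domain.split(".")
    # Simplification: the label left of the TLD is taken as the registrable name;
    # multi-part public suffixes (co.uk etc.) are not handled here.
    sld = labels[-2] if len(labels) >= 2 else domain
    squashed = sld.replace("-", "").replace("_", "")
    if BRAND in squashed:
        return "brand-in-domain"         # e.g. crowdstrike-support.example
    if levenshtein(squashed, BRAND) <= max_distance:
        return "typosquat"               # e.g. crowdstrlke.example
    for label in labels[:-2]:
        if BRAND in label.replace("-", ""):
            return "brand-in-subdomain"  # e.g. crowdstrike.com.recovery.example
    return None


def hunt(log_lines, blocklist=BLOCKLIST):
    """Scan log lines and return (host, reason) for every suspicious destination."""
    hits = []
    for line in log_lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        host = normalize(m.group("host"))
        reason = classify(host, blocklist)
        if reason:
            hits.append((host, reason))
    return hits


SAMPLE_LOG = [  # constructed lines, not real telemetry
    "2024-07-20T08:12:01Z src=10.0.0.5 host=falcon.crowdstrike.com action=allow",
    "2024-07-20T08:12:09Z src=10.0.0.5 host=crowdstrike-bsod-fix.example action=allow",
    "2024-07-20T08:13:44Z src=10.0.0.7 host=crowdstrlke.example action=allow",
    "2024-07-20T08:14:02Z src=10.0.0.9 host=crowdstrike.com.recovery-scripts.example action=allow",
    "2024-07-20T08:15:30Z src=10.0.0.9 host=mail.example action=allow",
]

if __name__ == "__main__":
    for host, reason in hunt(SAMPLE_LOG):
        print(f"{reason:20s} {host}")
```

Run it as-is to see the three constructed hits; point it at real telemetry by replacing HOST_RE and SAMPLE_LOG with your log format and source. Treat "brand-in-domain" hits as leads for analyst review rather than automatic blocks, since news and commentary sites can legitimately carry the vendor name, and keep the edit-distance threshold small to avoid matching unrelated short labels.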
Backup and Recovery
- Ensure all critical data is backed up and easily recoverable.
- Test your recovery processes to ensure they’re effective against potential ransomware attacks.
Seek Expert Assistance
- If you suspect your organization has been compromised, contact Redpoint Cyber Security immediately for expert assistance.
Redpoint’s Ongoing Support
Our team at Redpoint Cyber Security remains fully operational and ready to assist you in navigating this evolving threat landscape. We offer:
- 24/7 incident response support
- Threat hunting and analysis services
- Security posture assessments
- Custom security solutions tailored to your organization’s needs
Don’t hesitate to reach out if you need any assistance or have questions about protecting your organization from these emerging threats.