I’m Under Attack
Call Us: (833) 635-1525

URGENT UPDATE: Threat Actors Exploiting CrowdStrike Incident

  • Categories: Breach Response, Network Security, Offensive Cybersecurity
Share This

Following the CrowdStrike Falcon Sensor update issue on July 19, 2024, Redpoint Cyber Security has been closely monitoring the situation. We have received critical intelligence from CrowdStrike, CISA, and NCSC UK regarding malicious actors attempting to exploit this incident. As your trusted cybersecurity partner, we’re providing this urgent update to help protect your organization.

Current Situation

Threat actors are leveraging the CrowdStrike incident as a lure for various malicious activities:
1. Phishing campaigns impersonating CrowdStrike support
2. Phone calls from individuals posing as CrowdStrike staff
3. Fake “independent researchers” claiming evidence of a cyberattack
4. Sale of fraudulent “recovery scripts”

Identified Threats

Multiple domains impersonating CrowdStrike have been detected. While some may not currently host malicious content, they pose potential risks for future social-engineering operations.

Redpoint Cyber Security’s Response and Recommendations

Verify Communication Channels

  • Only communicate with CrowdStrike through official, verified channels.
  • Be wary of unsolicited emails, calls, or messages claiming to be from CrowdStrike.

Implement Email Filtering

  • Update email filters to flag or block messages from the identified malicious domains.
  • Use the provided list to enhance your organization’s email security measures.

Employee Education

  • Alert your staff about these new phishing and social engineering attempts.
  • Conduct an emergency briefing on identifying and reporting suspicious communications.

Network Security

  • Use the provided Falcon LogScale query to hunt for potential compromises.
  • Block access to the identified malicious domains at the network level.

Patch Management

  • Ensure all systems are updated with the latest CrowdStrike patch.
  • Verify the authenticity of any patch or update before implementation.

Incident Response Readiness

  • Review and update your incident response plan to address these new threats.
  • Conduct a tabletop exercise simulating a response to these specific attack vectors.

Third-Party Risk Management

  • Alert your partners and vendors about these threats, especially if they use CrowdStrike products.
  • Review access privileges for third-party vendors to limit potential damage from a breach.

Enhanced Monitoring

  • Increase scrutiny of network traffic, especially communications with unfamiliar domains.
  • Monitor for unusual login attempts or account activities that could indicate compromise.

Backup and Recovery

  • Ensure all critical data is backed up and easily recoverable.
  • Test your recovery processes to ensure they’re effective against potential ransomware attacks.

Seek Expert Assistance

  • If you suspect your organization has been compromised, contact Redpoint Cyber Security
    immediately for expert assistance.

Redpoint’s Ongoing Support

Our team at Redpoint Cyber Security remains fully operational and ready to assist you in navigating this evolving threat landscape. We offer:

  • 24/7 incident response support
  • Threat hunting and analysis services
  • Security posture assessments
  • Custom security solutions tailored to your organization’s needs

Don’t hesitate to reach out if you need any assistance or have questions about protecting your
organization from these emerging threats.

Join Our Newsletter & Learn

Get our latest content delivered to your inbox.

Download Case Study