Scammers and other bad actors are often on the lookout for new lures to improve the effectiveness of their campaigns. The global outage from the CrowdStrike bug is no different: although widespread campaigns are not yet being seen in the wake of the outage, numerous website domains are being registered to look similar to CrowdStrike.

It's important to remember the basic guidance that many of us have heard before:

• always check if a communication (email/txt or call) is from a legitimate source. If you’re not sure, reach out through a different communication method (for example looking up the phone number on the official website)

• IT experts are working hard to apply the fix for this issue. They will be using formal channels to communicate directly with Crowdstrike.

• Follow the instructions of your trusted IT support person, it is fine to check they are legit before having discussions with them.

This isn’t an issue for the general public to worry about resolving, so any emails received by regular citizens claiming to be from or about CrowdStrike should be treated with caution.

For the general public, instead seek updates from the source of truth for example publicly announced updates from companies on their official websites and verified social media. Do not rely on updates pushed to you as these could be scams.

ACSC has a simple advisory for the Australian business and public: https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update

Otherwise, IT specialists have access to lists of domains that are able to be blocked - which can be an on-going whack-a-mole task. Crowdstrike have published a number of domains on their blog:

https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/

Or for technical specialists:

https://github.com/jkerai1/SoftwareCertificates/blob/main/Bulk-IOCɮCSVs/Crowdstrike%20M DE%20IOC%20-%20Impersonation%20of%20crowdstrike%20over%20global%20outages.csv

ENDS

The New Zealand Internet Task Force (NZITF) is a non-profit organisation with the mission of improving the cyber security posture of New Zealand. Our members are IT security professionals who work together through trusted forums to make the Internet safer for all New Zealanders.

Please send NZITF Media Requests to media@nzitf.org.nz. A PDF version of this post is available here.

CrowdStrike outage shows New Zealand's critical technology dependencies  

The New Zealand Internet Task Force is tonight reminding people that the basics are what keep our online lives safe after the wide scale CrowdStrike outage has impacted services nationally and internationally.

“While there is no indication that there is anything malicious behind the outages that kiwis are experiencing to services tonight, it’s a solid reminder that our lives are firmly intertwined with online services” says Tandi McCarthy, New Zealand Internet Task Force spokesperson.

The outage is the result of an update to CrowdStrike Falcon, security software that protects systems from viruses and other threats. Affected organisations and their IT specialists should make sure that they are connected with Crowdstrike through the formal support channels to receive the correct fix and guidance.

“It’s scary how business as usual changes can take whole systems offline. We are seeing the wide scale and potentially physically harmful effects that a big outage can have. Our peers in Australia and further afield are seeing outages impact healthcare and transport, among other industries.

“There is a fix in place from CrowdStrike, but  it’ll take time for organisations to work through and implement it and this will be different for every organisation. People are going to be working really hard, and likely throughout the night and weekend, to get this sorted.”

Incidents like this are a reminder that organisations should understand and document their dependencies on systems and how to get help when something goes wrong. 

ENDS

The New Zealand Internet Task Force (NZITF) is a non-profit organisation with the mission of improving the cyber security posture of New Zealand. Our members are IT security professionals who work together through trusted forums to make the Internet safer for all New Zealanders.

Please send NZITF Media Requests to media@nzitf.org.nz. PDF version available here.