SoatDev IT Consulting
  • July 24, 2024
  • Rss Fetcher

Regarding the CrowdStrike software update failure incident on 19 July 2024, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) found reports that criminals continue to evolve their attack tactics. These tactics include using fake CrowdStrike recovery manuals, fake remediation solutions, and fake software updates to deliver unidentified malware, which could lead to sensitive data leakage, system crashes, and data loss.
According to related information, HKCERT has observed the following attack tactics that take advantage of this incident to spread malware:
Fake recovery manual

A new type of malware is spreading through Word documents that contain macros. These documents pretend to be Microsoft recovery guides to trick people into opening them. Once opened, the macros activate and start stealing sensitive information like passwords. This stolen information is then sent to the attacker’s server.

Fake remediation solutions

Phishing sites and fake intranet portals are used to promote a fake CrowdStrike hotfix. The fake hotfix delivered a malware loader, which then dropped a remote access tool that hackers can control on the infected system.

Fake CrowdStrike update

Phishing emails included a link to download a ZIP file that contained an executable named ‘Crowdstrike.exe’. After being executed, a “data wiper” was extracted to a folder under “%Temp%” and launched to destroy data stored on the device.
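
A defender-side triage check for the two delivery formats described above (a macro-bearing Word document and a ZIP carrying an executable), as an added example that is not part of the HKCERT notice. The extension list, the size and depth limits, and every sample name other than 'Crowdstrike.exe' are assumptions, and the samples are constructed placeholders.

```python
import io
import zipfile

# Assumed policy values for this example, not taken from the advisory.
EXEC_EXT = (".exe", ".scr", ".dll", ".msi", ".bat", ".cmd", ".ps1", ".vbs", ".js")
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container header
MAX_MEMBER = 20 * 1024 * 1024                  # skip oversized nested members
MAX_DEPTH = 2                                  # bound recursion into nested archives

def triage(data: bytes, depth: int = 0) -> list:
    """List risky content in a downloaded file without opening or running it."""
    if data.startswith(OLE_MAGIC):
        return ["legacy OLE document: may carry macros"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):      # macro storage in OOXML files
                findings.append(f"macro project: {info.filename}")
            elif name.endswith(EXEC_EXT):
                findings.append(f"executable: {info.filename}")
            elif info.flag_bits & 0x1:               # encrypted: cannot look inside
                findings.append(f"encrypted member: {info.filename}")
            elif depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                # A document or archive packed inside the download.
                nested = triage(zf.read(info), depth + 1)
                findings += [f"{info.filename} -> {f}" for f in nested]
    return findings

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples with placeholder bytes; no real malware content.
FAKE_MANUAL = make_zip({"word/document.xml": b"<doc/>",
                        "word/vbaProject.bin": b"placeholder"})
FAKE_UPDATE = make_zip({"Crowdstrike.exe": b"placeholder"})
BUNDLE = make_zip({"recovery_guide.docm": FAKE_MANUAL})
CLEAN = make_zip({"word/document.xml": b"<doc/>"})

if __name__ == "__main__":
    for label, blob in [("manual", FAKE_MANUAL), ("update", FAKE_UPDATE),
                        ("bundle", BUNDLE), ("clean", CLEAN)]:
        print(label, triage(blob))
```

A legacy OLE file is only flagged by its header here; confirming whether it actually contains macros needs a dedicated OLE parser.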

HKCERT urges the public to be vigilant against the malware attacks and recommends that users should:

Apply remediation methods provided by official websites (such as the remediation methods provided by CrowdStrike).
Obtain software patches and updates from trusted sources (such as the recovery tool provided by Microsoft).
Check website certificates on the download page to ensure the source is legitimate, and avoid executing files from untrusted sources.
Use browser settings to enable download protection which can issue warnings about potentially harmful websites or downloads.
Use the free search engine “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.

If members of the public encounter a malware attack, HKCERT recommends that users should:

Immediately disconnect from the network to prevent further spread of the malware.
Conduct a comprehensive system scan to identify and remove any malicious software.
Restore from a backup (such as an external hard drive) to recover lost or compromised data.
Install security software to safeguard against future attacks.

Source: HKCERT
 
 
 The post Notice: Malware Attacks Exploit CrowdStrike Software Failure first appeared on IT News Africa | Business Technology, Telecoms and Startup News.
