In the wake of recent global service outages related to the CrowdStrike application, advanced social engineering attacks from threat groups like Carbon Spider (FIN7), Scattered Spider, and Roy/Zeon are on the rise.
What happened – A global outage of Windows computers occurred on Friday, July 19, caused by an update from CrowdStrike to its Falcon endpoint software. The effects of the outage were widespread, leaving financial services, airports, health services, and many other industries temporarily inoperative.
Read: What caused the great CrowdStrike-Windows meltdown of 2024? History has the answer | ZDNET
Why this is important – Threat actors are exploiting the recent outages to impersonate IT personnel and craft convincing phishing campaigns.
Read: Okay, now you have to watch out for CrowdStrike outage scams | consumeraffairs.com
These actors gather information from public sources, like company LinkedIn pages, and details from previous breaches, then pose as IT support from within your organization or from trusted vendors like Microsoft and CrowdStrike.
Phishing emails and phone calls referencing the recent outages and offering assistance often add a layer of urgency. Attackers may pressure you to bypass security protocols or bombard you with authentication requests until you unwittingly grant unauthorized access.
Recommended best practices:
- Never bypass security protocols. Your team will never ask you to circumvent established security measures.
- Do not be pressured into responding hastily. Urgent requests should be verified using a separate internal contact method before taking any action.
- Report suspicious communications immediately to your IT team, MSP, or cyber vendor.
- Use multifactor authentication (MFA) whenever possible, and opt for phishing-resistant MFA solutions for internal platforms.
- Follow the principle of least privilege, and limit access levels for team members to only what is necessary for their role.
Prepare now for potential cyber threats to your firm.
It’s not a matter of if you’ll be attacked; it’s a matter of when. To proactively bolster your defenses:
- Perform a Vendor Risk Assessment to evaluate the risk of a disruption or cyber attack through your third-party vendors.
- Update your Business Continuity Plans.
- Validate your Incident Response Plans with regular Tabletop Exercises.
- Regularly train your staff with Phishing and User Awareness Cybersecurity Training.
Contact your Account Manager or a Drawbridge team member today for comprehensive cybersecurity support and solutions tailored to protect your organization from these evolving threats.
Note: Drawbridge sent clients guidance and updates when the news broke on July 19, 2024. To stay on top of cybersecurity trends and incidents that directly impact the Alternative Investment Space, become a Drawbridge client today.