Information Security
July 2024 Increased Phishing Activity Related to Global CrowdStrike Service Issue
Last modified 7/22/2024
A significant global service issue affecting many organizations, including higher education institutions, is currently unfolding due to a faulty update in widely used security software, CrowdStrike. Although we do not use this software, it is important to be aware that threat actors are exploiting this situation to launch phishing attacks.
The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency responsible for enhancing the security, resiliency, and reliability of the nation's cybersecurity and communications infrastructure, has reported that cybercriminals are using the current disruption caused by CrowdStrike's service issues to deceive recipients into revealing sensitive information, clicking on malicious links, or downloading harmful attachments.
Do not engage with unsolicited emails, phone calls, or text messages that reference CrowdStrike and urgency to take some action. If you are experiencing issues with a service, contact the appropriate support center through official methods.
We are closely monitoring the situation and will provide updates as necessary.
Status Updates
July 22, 2024, 8:00 AM Status
Microsoft estimates that over 8.5 million Windows machines were affected by the update. Many of the impacted organizations have reported successful recovery from vendor-provided solutions. Some organizations are still in the process of recovery where manual effort is recovered.
Reports continue about threat actors leveraging the situation to distribute malware and conduct social engineering attacks.
July 20, 2024, 8:00 AM Status
The third-party service provider for the IT ticketing system, Cherwell, has resolved their issue.
Reports indicate that threat actors are registering domains presumably to use in attacks. Examples include crowdstrikebluescreen[.]com, crowdstrikeupdate[.]com, and crowdstrike-helpdesk[.]com. These can show up in emails as well as malicious ads on websites or internet searches.
July 19, 2024, 3:30 PM Status
Original publication of this advisory. The IT ticketing system, Cherwell, is experiencing an Outage due to the incident impacting the third-party service provider.
Resources
How to Avoid Phishing, Phone Scams, and Identity Theft - Guidance on recognizing and responding to scams.
How to Report Phishing Emails - Instruction on reporting suspicious emails.
Our Statement on Today's Outage | CrowdStrike (external) - Statement from CrowdStrike company on the incident.