Reported by Brian Fung and Sean Lyngaas, CNN

Cybercriminals are already capitalizing on the chaos from Friday’s massive global tech outageby promoting fake websites filled with malicious software designed to compromise unsuspecting victims, according to warnings from the US government and multiple cybersecurity professionals.

Hackers have been setting up phony websites meant to appeal to people seeking information on, or solutions to, the worldwide IT meltdown but in reality are designed to harvest visitors’ information or to breach their devices, the security experts said.

The fraudulent sites use domain names that include keywords such as CrowdStrike — the cybersecurity firm behind a faulty software update that led to the crisis — or “blue screen,” which is what computers affected by the CrowdStrike glitch display when they boot up.

The fraudulent sites may try to lure victims in by promising a quick fix to the CrowdStrike issue or scam them with offers of fake cryptocurrency.

In a bulletin about the outage, the Department of Homeland Security said it has witnessed “threat actors taking advantage of this incident for phishing and other malicious activity.”

“Remain vigilant and only follow instructions from legitimate sources,” said the bulletin issued by the Department’s Cybersecurity and Infrastructure Security Agency. CrowdStrike has issued its own guidance on what affected organizations can do in response to the issue.

The situation illustrates how a volatile, high-impact news event has created secondary risks for millions of people as malign actors try to benefit from the CrowdStrike disaster and as thousands of organizations scramble to recover from CrowdStrike’s faulty software update.

“It’s a pretty standard pattern we see following incidents on this scale,” said Kenn White, an independent security researcher specializing in network security, in an interview with CNN. “Criminals are tireless in their creative pursuits to exploit the most vulnerable.”

Read full report: https://www.cnn.com/2024/07/22/tech/hackers-crowdstrike-outage-scams/index.html