Microsoft outage: Govt asks companies to block these 25 ‘dangerous URLs’ – ET CISO
Earlier this month, several businesses across the world came to a standstill because of a flawed security update that the US-based cybersecurity company CrowdStrike pushed to Microsoft Windows machines. The defective update disrupted airlines, banks, hospitals and other critical services, affecting about 8.5 million machines running Microsoft’s Windows operating system across the world.
Both Microsoft and CrowdStrike issued patches to bring machines back, a recovery that took several hours and in some cases days. As with almost all events (good and bad), hackers and cybercriminals have been quick to exploit the widespread tech outage. Cybersecurity agencies across the world, including those of the US, UK, Australia and Canada, have warned of hackers using the CrowdStrike bug to attack businesses. The Government of India’s cybersecurity agency, CERT-In, has also warned companies in the country of hacker attacks related to the CrowdStrike outage.
In an advisory, CERT-In said, “It has been reported that there are reports of an ongoing phishing campaign targeting CrowdStrike users leveraging this issue to conduct the following malicious activities: sending phishing emails posing as CrowdStrike support to customers; impersonating CrowdStrike staff in phone calls; and selling software scripts purporting to automate recovery from the content update issue; distributing trojan malware pretending as recovery tools.”
It added that these attack campaigns could entice an unsuspecting user to install unidentified malware, which could lead to sensitive data leakage, system crashes and data loss.
CERT-In has also shared 25 URLs that it wants companies to block on their networks because they are deemed dangerous.