CERT-In warns CrowdStrike users of phishing attacks in India
Indian cybersecurity agency, CERT-In, has alerted users about a phishing attack campaign exploiting the recent global Microsoft outage. The attackers are impersonating CrowdStrike support staff, and offering system recovery tools to unsuspecting users. CERT-In warned in an advisory issued yesterday, that these attack campaigns could entice unsuspecting users to install unidentified malware, potentially leading to sensitive data leakage, and system crashes.
CERT-In issues advisory to users
CERT-In has issued an advisory urging users and organizations to configure their firewall rules, to block connections against 31 types of URLs. The advisory also recommended several cyber hygiene practices such as obtaining software patch updates from authentic sources, and avoiding clicking on documents with ."exe" links. CERT-In stated that users should look out for valid encryption certificates, by checking for the green lock in the browser's address bar before providing any sensitive information.
Users advised to practice safe browsing
In the wake of the phishing attacks, users are advised to only click on URLs with clear website domains, and to use safe browsing and filtering tools along with appropriate firewalls. The advisory also cautioned users against suspicious phone numbers.