25/07/2024 | News release | Distributed by Public on 25/07/2024 22:26
It's impressive (and a little discouraging) to see how quickly the bad guys capitalize on current events. In the wake of the worldwide Windows outage caused by a bug in CrowdStrike's software, opportunists have registered many lookalike domains. For a complete list, please see the Infoblox Threat Intelligence Github repo, https://github.com/infobloxopen/threat-intelligence/tree/main. Here's a summary:
To give you an idea of the nature of these domain names, here's a screenshot from the website fix-crowdstrike-apocalypse[.]com:
This site advertises a (probably fake) program that claims to restore Windows computers affected by the outage, and accepts payment in Bitcoin or Ethereum.
These numbers (over 90 malicious domain names registered within a few days) highlight how important it is to exercise caution after a major event like the CrowdStrike-induced Windows outage. They also show the role DNS-based security can play in protecting your users and infrastructure: Infoblox's algorithms flagged these lookalikes in real time, categorized them as malicious, suspicious or benign, and added them to our threat feeds to keep our customers from becoming victims.
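The detection described above (spotting brand lookalikes in DNS traffic and turning them into a block policy) can be approximated with a small script. The code below is an added example and is not Infoblox's code or algorithm: it parses constructed BIND-style query-log lines, scores each queried name with a keyword match plus a Levenshtein edit-distance check against the brand, and emits RPZ policy records (`CNAME .`, which returns NXDOMAIN) for the lookalikes. The allowlist, the edit-distance threshold of 2, the log lines and every domain except the one named on this page are assumptions made up for illustration, and the "last two labels" registrable-domain rule is a deliberate simplification.

```python
"""Flag brand-lookalike domains in DNS query logs and emit RPZ block records.

Added example (not Infoblox's code). Heuristics: allowlist, brand keyword in the
name, and Levenshtein distance between the registered label and the brand.
"""
import re

BRAND = "crowdstrike"
# Assumed allowlist of the vendor's legitimate registrable domains (illustrative).
LEGIT_DOMAINS = {"crowdstrike.com"}
# Assumed threshold: registered label within 2 edits of the brand counts as a typosquat.
TYPO_DISTANCE = 2

# Constructed BIND-style query-log lines, not real traffic.
SAMPLE_LOG = """\
25-Jul-2024 10:12:01.123 client 10.0.0.5#53211: query: fix-crowdstrike-apocalypse.com IN A + (10.0.0.2)
25-Jul-2024 10:12:02.456 client 10.0.0.7#41022: query: falcon.crowdstrike.com IN A + (10.0.0.2)
25-Jul-2024 10:12:03.789 client 10.0.0.9#50001: query: crowdstrlke.com IN A + (10.0.0.2)
25-Jul-2024 10:12:04.000 client 10.0.0.5#53212: query: example.com IN A + (10.0.0.2)
25-Jul-2024 10:12:05.000 client 10.0.0.11#53213: query: www.crowdstrike-bluescreen-fix.net IN A + (10.0.0.2)
25-Jul-2024 10:12:06.000 client 10.0.0.5#53214: zone transfer request denied
"""

QUERY_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (\S+) IN (\S+)")


def refang(domain: str) -> str:
    """Turn a defanged name such as fix-crowdstrike-apocalypse[.]com back into a real one."""
    return domain.replace("[.]", ".").replace("(.)", ".").strip(".").lower()


def registrable_domain(fqdn: str) -> str:
    """Naive 'last two labels' rule. Assumption: no Public Suffix List handling,
    so names under multi-label suffixes such as .co.uk would be cut wrongly."""
    labels = refang(fqdn).split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance via the row-by-row DP (O(len(a)*len(b)))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(fqdn: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'legit', 'lookalike' or 'benign'."""
    name = refang(fqdn)
    reg = registrable_domain(name)
    if reg in LEGIT_DOMAINS:
        return "legit", "allowlisted registrable domain"
    if BRAND in name:  # brand embedded anywhere, e.g. fix-<brand>-apocalypse.com
        return "lookalike", "brand keyword in name"
    sld = reg.split(".")[0]
    dist = edit_distance(sld, BRAND)
    if dist <= TYPO_DISTANCE:
        return "lookalike", f"edit distance {dist} from brand"
    return "benign", "no brand resemblance"


def scan(log_text: str) -> list[tuple[str, str, str, str]]:
    """Parse query-log lines; return (client, qname, verdict, reason) per query record."""
    results = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query record (e.g. the transfer line above)
        client, qname, _qtype = m.groups()
        verdict, reason = classify(qname)
        results.append((client, refang(qname), verdict, reason))
    return results


def rpz_records(results: list[tuple[str, str, str, str]]) -> list[str]:
    """Emit RPZ records that NXDOMAIN every distinct lookalike and its subdomains."""
    blocked = sorted({registrable_domain(q) for _, q, v, _ in results if v == "lookalike"})
    records = []
    for dom in blocked:
        records.append(f"{dom} CNAME .")
        records.append(f"*.{dom} CNAME .")
    return records


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for client, qname, verdict, reason in hits:
        print(f"{client:12} {verdict:9} {qname:40} {reason}")
    print("\n; RPZ policy zone fragment")
    print("\n".join(rpz_records(hits)))
```

Feed it a real BIND query log (or adapt `QUERY_RE` to your resolver's format) and load the RPZ fragment into your resolver's policy zone; note that the keyword rule will also match an internal helpdesk name that legitimately contains the brand, which is why the allowlist comes first.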