In This Article:
Cybersecurity giant Crowdstrike Holdings Inc. (NASDAQ: CRWD) saw its share prices drop by 2.12% on Monday to finish at $341.46 apiece over fears that the company is being targeted by hackers.
This followed an announcement from the company over the weekend that it identified a new phishing campaign disguised as CrowdStrike (NASDAQ: CRWD), exploiting its recruitment branding to deliver malware disguised as an “employee CRM application.”
A hacker on his laptop. Photo by Sora Shimazaki on Pexels
“The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are prompted to download and run a fake application, which serves as a downloader for the crypto miner XMRig,” it said on its website.
The email lures victims with download options for both Windows and macOS.
According to CrowdStrike (NASDAQ: CRWD), its awareness campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers.
“Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files. Organizations can reduce the risk of such attacks by educating employees on phishing tactics, monitoring for suspicious network traffic, and employing endpoint protection solutions to detect and block malicious activity,” it said.
“We are aware of scams involving false offers of employment with CrowdStrike. Fraudulent interviews and job offers use fake websites, email addresses, group chats, and text messages. We do not interview prospective candidates via instant message or group chat, nor do we require candidates to purchase products or services, or process payments on our behalf, as a condition of any employment offer,” it added.
“And, in reference to the campaign … we do not ask candidates to download software for interviews.”
July 2024 Outage
The fake job campaign followed a cybersecurity update from the company in July 2024, causing 8.5 million systems to crash, disrupting customers and business operations for days.
The outage, which occurred on July 19, showed the infamous “blue screen of death” and affected millions of Windows systems failing.
The CrowdStrike (NASDAQ: CRWD) glitch resulted in losses estimated to be more than $5 billion. It is also estimated to cost insurers around $1.5 billion in payouts under business interruption, cyber, and system failure coverages.
Touted as the largest IT outage so far in history, the glitch highlighted one of the most significant examples of the detrimental effects of aggregated cyber risk accumulation.