
Cybercriminals use CrowdStrike update mishap to spread Remcos RAT





Summary of Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

TLDR:

  • Cybercriminals are exploiting a CrowdStrike update mishap to distribute Remcos RAT malware to Latin America-based customers.
  • CrowdStrike’s faulty update caused IT disruptions by triggering a Blue Screen of Death on Windows devices globally.

CrowdStrike, a cybersecurity firm, is facing backlash after a flawed update to Windows devices caused worldwide IT disruptions. Threat actors are using the situation to distribute Remcos RAT to customers in Latin America by disguising it as a hotfix. The attack involves a ZIP archive named “crowdstrike-hotfix.zip,” which contains a malware loader called Hijack Loader that launches the Remcos RAT payload. The company has warned impacted customers to communicate through official channels and follow the technical guidance provided by CrowdStrike support teams. Microsoft has released a new recovery tool to help IT admins repair the impacted Windows machines. Reports have also emerged of CrowdStrike updates causing issues on different Linux servers. The incident highlights the risks of monocultural supply chains and the importance of safe deployment and disaster recovery mechanisms.

On July 19, a routine sensor configuration update by CrowdStrike unintentionally triggered a logic error, resulting in a Blue Screen of Death (BSoD) and rendering numerous systems inoperable globally. Malicious actors have taken advantage of the chaos to exploit affected businesses. The event underscores the interconnected nature of the tech ecosystem and the need to prioritize safe deployment practices. Customers impacted by the incident are advised to refer to the Remediation and Guidance Hub provided by CrowdStrike for information on identifying and resolving affected hosts. Microsoft’s efforts to address the fallout from the faulty update have shed light on the importance of cybersecurity in the digital age.

