- \n
- Between July 19th and 23rd, we detected 194 CrowdStrike lookalike domains.<\/li>\n
- Of these, 60 are likely used in phishing campaigns.<\/li>\n
- 27 are likely used in other malicious activities.<\/li>\n
- Four are likely used in spam operations.<\/li>\n
- 57 were set up defensively (that is, registered with CSC Corporate Domains for brand protection purposes).<\/li>\n<\/ul>\n
To give you an idea of the nature of these domain names, here\u2019s a screen shot from the web site fix-crowdstrike-apocalypse[.]com:<\/p>\n
![](\"\/wp-content\/uploads\/infoblox-blog-lets-be-careful-out-there-crowdstrike-screenshot.png\")
<\/p>\nThis site advertises a (probably fake)1<\/sup> program that can restore Windows computers that have been affected by the outage, and offers two methods of payment, Bitcoin and Ethereum. <\/p>\n
These numbers\u2014over 90 malicious domain names registered in a few days\u2014highlight how important it is to exercise caution after a major event like the CrowdStrike-induced Windows outage, but also what an important role DNS-based security can play in protecting your users and infrastructure: Infoblox\u2019s algorithms flagged these lookalikes in real-time, categorized them into malicious, suspicious and benign, and added them to our threat feeds to prevent our customers from becoming victims. <\/p>\n
Footnotes<\/h3>\n
- \n
- While we haven\u2019t bought a copy, we suspect the advertised product isn\u2019t a legitimate repair tool: Based on its registration information, the domain name isn\u2019t affiliated with CrowdStrike, and the registrant chose an anonymous DNS provider, which is consistent with malicious activity.<\/li>\n<\/ol>\n