Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
A recent global IT outage caused by cyber security firm CrowdStrike has left millions of computers offline as tech teams worldwide grapple with the fallout.
While reports of data breaches related to the CrowdStrike outage have yet to surface, the situation has created opportunities for scammers to attempt to access data through social engineering and phishing schemes targeting affected users.
Here’s what you need to know about the incident and how to protect your organisation from potential scams.
The outage stemmed from an issue in a single content update for CrowdStrike’s Falcon sensor, impacting Windows operating systems. As of now, there have been no reports of data breaches directly resulting from or causing the CrowdStrike outage.
Unlike the recent AT&T data breach, the incident appears to be a technical issue rather than a security breach. CrowdStrike’s official communications have focused on the content update problem and its resolution, without mentioning any data compromise.
While CrowdStrike has deployed a fix, the incident has created an opportunity for cybercriminals to exploit the situation.
CrowdStrike Intelligence reported that threat actors are “Sending phishing emails posing as CrowdStrike support to customers” and “impersonating CrowdStrike staff in phone calls.” Other reported malicious activity includes:
Several government agencies have taken action in response to the CrowdStrike outage:
In an advisory, the Australian Cyber Security Centre (ACSC) warned “a number of malicious websites and unofficial code are being released claiming to help entities recover from the widespread outages caused by the CrowdStrike technical incident.” It strongly encouraged “all consumers to source their technical information and updates from official CrowdStrike sources only.”
Home Affairs Minister Clare O’Neil cautioned: “I would like to ask Australians to be really careful and be really on the lookout for attempts to use this to scam Australians and to scam small businesses.”
“If you see an email. If you see a text message that looks a little bit funny, that indicates something about CrowdStrike or IT outages, just stop. Don’t put in any details.”
In the US, the Cybersecurity and Infrastructure Security Agency (CISA) has been actively monitoring the situation and providing regular updates. According to its advisory, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. It urges “organisations and individuals to remain vigilant and only follow instructions from legitimate sources.”
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, provided further insights, reporting that the US government had been assessing the impact of the outage on all critical infrastructure sectors.
“We’re working first to assess what’s the impact on U.S. government critical services, second, to assess sector by sector what’s the impact to power in the country, to hospitals in the country, to 911 systems, the national suicide hotline,” said Neuberger.
Neuberger also confirmed that she had spoken directly with CrowdStrike CEO George Kurtz, who assured her that the outage was not due to a “security incident or cyberattack.”
To safeguard against potential scams, authorities recommend:
This incident highlights the importance of robust cybersecurity measures and scam awareness. Finance leaders should:
While no data breach has been confirmed, the full impact of the incident may still be unfolding. Finance leaders should remain vigilant and continue to monitor official CrowdStrike communications for any updates regarding data security.