Skip to main content

HKCERT Urges the Public and Organisations to Enhance Cyber Resilience to Minimise the Impact from Incident Similar to the CrowdStrike Software Update Failure

HKCERT Urges the Public and Organisations to Enhance Cyber Resilience
to Minimise the Impact from Incident Similar to the CrowdStrike Software Update Failure

(Hong Kong, 26 July 2024) Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) found reports that criminals take advantage of the public awareness and reaction regarding the recent CrowdStrike software update failure incident to deploy various possible attack tactics. Those attacks, including phishing and malware attacks, continue to evolve and expand their reach.

HKCERT has observed threat actors exploit the mentioned CrowdStrike incident to launch phishing attacks. These attackers are sending phishing emails and hosting fake websites posing as CrowdStrike officials, offering fake software updates and recovery manuals that actually deliver malware. The malicious files can cause data leakage, system crashes, and data loss. For individuals and organizations, this can also result in personal data exposure, reputational damage, and financial loss.

To receive the latest attack trend that threat actors making use of the Crowdstrike software update failure incident, please visit HKCERT related phishing alert and malware alert:


For corporates and organisations, the following best practices are recommended to be adopted to maintain secure and resilient IT environment, and to minimise the impact from similar event happening in the future:

  • Adopt vendor management and build transparency with vendors, and stay vigilant to supply chain attacks
  • When possible, avoid solely rely on single technology, solution and vendor to minimise single point of failure
  • Apply security risk assessment on IT systems and applications, evaluate the impact of third-party risks on both operating system and application level
  • Apply change management and configuration management to IT systems and applications, include application testing and verification in deployment steps and prepare a fallback plan prior proceeding patch update
  • Develop Business Continuity Plan (BCP) to main the business in case of an incident occurred and affected the business’s IT environment
  • Arrange and perform incident response and disaster recovery drill regularly to verify the effectiveness of BCP
  • Develop incident response plan to IT systems and applications, referring to HKCERT’s “Incident Response Guideline for SMEs
  • Review application software privilege in IT systems periodically. Maintain least privileges practices to minimise the impact of application software failure


To learn more about the security advisory of CrowdStrike denial of service alert, please visit the HKCERT website for the latest news:
https://www.hkcert.org/security-bulletin/crowdstrike-denial-of-service-vulnerability_20240719

Businesses or members of the public who wish to report to HKCERT on cyber security related incidents can do so by completing the online form at: https://www.hkcert.org/incident-reporting, or call the 24-hour hotline at 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org.

- Ends -