Anomali reposted this
A lot of exploitation of the CrowdStrike recovery is happening. Hopefully Mimecast and Anomali's collection of suspicious domains is helpful to IT teams.
Over the past few days we've been working with some great folk, including Mimecast and Anomali, in compiling and updating a list of potentially suspicious domains that have been recently registered to take advantage of the CRWD pain that's going on. We have a FREE spreadsheet with over 800 domains. 😲 Apparently, LinkedIn killed my post sharing it, so DM me and I'll send ya the link.

If you're a midsize or SMB and not using CrowdStrike, I'd say you should just go ahead and block all of these across the board. If you're a CRWD user, then please double-check the domain registration before you block them on email and web browsing, but MOST of these are sus (IMHO)...and the cyber teams that we've been sharing this with have already seen hits from malicious threats from a bunch of these.

Again, big thanks to Marc van Zadelhoff and Ahmed Rubaie for having their teams help pull this together. I believe they may have also posted blogs with shorter lists that they have vetted etc...but I'm sharing the broader list to really benefit

I'm a big fan of what George Kurtz and his team do, and while he may not remember meeting me back in the day when I was a CISO, I think they are doing a bang-up job of managing this.

Note: It's a WIP and being updated with additional data as more info becomes available etc.

#ciso #riskmanagement #informationsecurity #digitalmarketing