Self-extracting (SFX) archive files have long served the legitimate purpose of easily sharing compressed files with someone who lacks the software to decompress and view the contents of a regular archive file. However, SFX archive files can also contain hidden malicious functionality that may not be immediately visible to the file’s recipient, and could be missed by technology-based detections alone.

We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX. On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

Cybersecurity is often about making progress: Progress in the way organizations procure, deploy and manage software; in the new skills and techniques teams acquire to run their cybersecurity programs; and in stopping breaches to protect hard-earned productivity gains.

According to the AV-TEST Institute, more than 1 billion strains of malware have been created, and more than 500,00 new pieces of malware are detected every day. One of the main reasons for this rapid growth is that malware creators frequently reuse source code. They modify existing malware to meet the specific objectives of an attack campaign or to avoid signature-based detection.

From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears this out: according to the CrowdStrike 2023 Global Threat Report, 80% of attacks use compromised identities, while advertisements for access broker services jumped 112% in 2022.

In November 20211 and February 2022,2 Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence and the CrowdStrike Falcon® Complete managed detection and response team observed eCrime adversaries that had previously relied on macro execution for malware delivery adapt their tactics, techniques and procedures (TTPs).

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a relatively new and privacy-focused cryptocurrency that uses directed acyclic graph (DAG) technology to claim complete anonymity of its transactions. The combination of anonymity and the higher rewards ratio makes it potentially lucrative to cryptojacking groups compared to Monero, which is commonly used cryptocurrency by attackers or groups running miner operations.

With so many threat intelligence solutions on the market today, it raises the question: What is threat intelligence and why do you need it? I won’t go into detail about what threat intelligence is; you can read about that here. Instead, I want to focus on the threat intelligence maturity journey — specifically, how advanced your organization is with respect to threat intelligence adoption and which CrowdStrike solution may be right for you.

CrowdStrike has repeatedly proven through independent, third-party testing why the CrowdStrike Falcon® platform is the trusted security choice of so many companies and organizations. The Falcon platform provides customers with 360-degree visibility across their entire attack surface, with advanced use of machine learning to automate threat detection and prevention, augment SecOps teams and stop breaches before they occur.

After dissecting a full year’s worth of interactive intrusion data, the CrowdStrike® Falcon OverWatch™ Elite team has identified the most commonly abused living-off-the-land binaries — and distilled the critical insights that defenders need to know to protect their organizations against the misuse of these binaries.

We believe our recognition in the 2022 Magic Quadrant for Endpoint Protection Platforms reinforces CrowdStrike’s position as a cybersecurity leader, innovator and visionary placing farthest to the right for Completeness of Vision. We are proud to share that CrowdStrike has once again been named a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).

After extensive testing and analysis, the AV-TEST Institute has named CrowdStrike Falcon® Pro for Mac the Best MacOS Security Product for Business for 2022. AV-TEST completed its evaluation of macOS security products for business users for 2022 following a year-long series of tests, in which Falcon Pro for Mac was the only security product to score a perfect 18.0 points in three straight quarterly evaluations. In announcing the decision, AV-TEST CEO Maik Morgenstern praised Falcon Pro for Mac.

Deep learning is a core part of CrowdStrike’s arsenal of machine learning (ML) techniques, and we are constantly innovating in this area to boost the performance of our ML models. However, ML can consume large amounts of computing resources. To minimize the computing load and its associated costs, we strive to optimize performance and resource utilization for our models as well as address any safety issues related to the use of third-party tools.