Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

Malicious Inauthentic Falcon Crash Reporter Installer Delivers LLVM-Based Mythic C2 Agent Named Ciro

On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the Mythic command-and-control (C2)1 framework is executed as LLVM Intermediate Representation (IR) bitcode.

Identify Possibly Impacted Hosts with CrowdStrike Dashboard

This video is an overview of the dashboard available for CrowdStrike Insight customers to identify possibly impacted devices related to the recent defect in a CrowdStrike content update for Windows hosts. For more information on this dashboard, please visit the CrowdStrike Remediation and Guidance Hub.

Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike's Threat Actor List

On July 24, 2024, hacktivist entity USDoD claimed on English-language cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list.”1 The actor also alleged that they had obtained CrowdStrike’s “entire IOC list” and would release it “soon.” In the announcement, USDoD provided a link to download the alleged threat actor list and provided a sample of data fields, likely in an effort to substantiate their claims.

Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity via Spearphishing Website

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German entity. The website was registered with a sub-domain registrar.

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.

CrowdStrike Host Self-Remediation for Remote Users with Local Administrator Privileges

This video for remote users with local administrator privileges, outlines the steps required to self-remediate a Windows laptop experiencing a blue screen of death (BSOD) related to the recent defect in a CrowdStrike content update for Windows hosts. Follow these instructions if directed to do so by your organization's IT department.

Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer

On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal.

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.

CrowdStrike Unifies Threat Data and AI for Next-Gen Managed Detection and Response

CrowdStrike is setting a new standard for managed detection and response (MDR), building on our established reputation as pioneers and industry leaders. Falcon Complete Next-Gen MDR combines cutting-edge AI-powered cybersecurity technology with the expertise of the industry’s top security analysts to stop breaches across the entire attack surface 24/7 with unmatched speed and precision.

CrowdStrike Named a Customers' Choice in 2024 Gartner Voice of the Customer for Endpoint Protection Platform Report

The endpoint combines both opportunity and risk for most organizations. While an essential hub for modern business operations and the tools employees use, it also is the primary attack surface for today’s adversaries: Nearly 90% of successful cyberattacks start at the endpoint.1 An endpoint protection platform (EPP) is the essential foundation to a strong cybersecurity strategy.

Essential Considerations When Choosing a DSPM Solution

The advent of cloud technology has revolutionized organizations’ data use and security practices. Cloud development has decentralized data management, with development and DevOps teams — and now business intelligence (BI) and AI teams — dispersing data across multiple cloud service providers, regions and applications. This decentralization has fueled the proliferation of shadow data and heightened the risk of unintentional data exposure.

Proactively Secure Serverless Functions Across AWS, Google Cloud and Azure with Falcon Cloud Security

Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.

CrowdStrike Simplifies Ingestion of High-Value Data into the Falcon Platform

At CrowdStrike, we’ve long known how difficult it is to detect attacks that involve stolen credentials. We themed the CrowdStrike 2024 Global Threat Report “the year of stealth” to highlight how attackers are moving away from malware and malicious attachments and toward more subtle and effective methods such as credential phishing, password spraying and social engineering to accomplish their objectives. Source: CrowdStrike 2024 Global Threat Report.

CISO Explains Switch from Microsoft to CrowdStrike for Cybersecurity

The CISO of a major insurance company recently switched from Microsoft to CrowdStrike for endpoint and identity security following a ransomware incident that Microsoft Defender failed to block. The following Q&A explains what happened, the fallout with Microsoft and how CrowdStrike delivered the protection, consolidation and support the CISO needed. Describe your security posture before the incident. I joined the company as CISO a few years ago.

CrowdStrike's One-Click Hunting Simplifies Threat Hunting for Security Teams

Adversaries are not breaking in; they are logging in. The CrowdStrike 2024 Global Threat Report highlights an alarming trend: In 75% of cyberattacks detected in 2023, adversaries gained initial access through malware-free methods. This means they acquired valid credentials via techniques such as password spraying or phishing — or they simply purchased them off the dark web.