Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German entity. The website was registered with a sub-domain registrar.

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.

On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal.

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.

CrowdStrike is setting a new standard for managed detection and response (MDR), building on our established reputation as pioneers and industry leaders. Falcon Complete Next-Gen MDR combines cutting-edge AI-powered cybersecurity technology with the expertise of the industry’s top security analysts to stop breaches across the entire attack surface 24/7 with unmatched speed and precision.

The endpoint combines both opportunity and risk for most organizations. While an essential hub for modern business operations and the tools employees use, it also is the primary attack surface for today’s adversaries: Nearly 90% of successful cyberattacks start at the endpoint.1 An endpoint protection platform (EPP) is the essential foundation to a strong cybersecurity strategy.

The advent of cloud technology has revolutionized organizations’ data use and security practices. Cloud development has decentralized data management, with development and DevOps teams — and now business intelligence (BI) and AI teams — dispersing data across multiple cloud service providers, regions and applications. This decentralization has fueled the proliferation of shadow data and heightened the risk of unintentional data exposure.

Serverless functions such as AWS Lambda, Google Cloud Functions and Azure Functions are increasingly popular among DevOps teams, as these cloud-based systems allow developers to build and run applications without managing the underlying infrastructure. But for all their benefits, serverless functions can also raise cybersecurity risk.

At CrowdStrike, we’ve long known how difficult it is to detect attacks that involve stolen credentials. We themed the CrowdStrike 2024 Global Threat Report “the year of stealth” to highlight how attackers are moving away from malware and malicious attachments and toward more subtle and effective methods such as credential phishing, password spraying and social engineering to accomplish their objectives. Source: CrowdStrike 2024 Global Threat Report.