We will continue to update on this dynamic situation as more details become available. CrowdStrike’s Intelligence team is in contact with 3CX. On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

Cybersecurity is often about making progress: Progress in the way organizations procure, deploy and manage software; in the new skills and techniques teams acquire to run their cybersecurity programs; and in stopping breaches to protect hard-earned productivity gains.

According to the AV-TEST Institute, more than 1 billion strains of malware have been created, and more than 500,00 new pieces of malware are detected every day. One of the main reasons for this rapid growth is that malware creators frequently reuse source code. They modify existing malware to meet the specific objectives of an attack campaign or to avoid signature-based detection.

From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears this out: according to the CrowdStrike 2023 Global Threat Report, 80% of attacks use compromised identities, while advertisements for access broker services jumped 112% in 2022.

In November 20211 and February 2022,2 Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence and the CrowdStrike Falcon® Complete managed detection and response team observed eCrime adversaries that had previously relied on macro execution for malware delivery adapt their tactics, techniques and procedures (TTPs).

CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. Dero is a relatively new and privacy-focused cryptocurrency that uses directed acyclic graph (DAG) technology to claim complete anonymity of its transactions. The combination of anonymity and the higher rewards ratio makes it potentially lucrative to cryptojacking groups compared to Monero, which is commonly used cryptocurrency by attackers or groups running miner operations.

With so many threat intelligence solutions on the market today, it raises the question: What is threat intelligence and why do you need it? I won’t go into detail about what threat intelligence is; you can read about that here. Instead, I want to focus on the threat intelligence maturity journey — specifically, how advanced your organization is with respect to threat intelligence adoption and which CrowdStrike solution may be right for you.

CrowdStrike has repeatedly proven through independent, third-party testing why the CrowdStrike Falcon® platform is the trusted security choice of so many companies and organizations. The Falcon platform provides customers with 360-degree visibility across their entire attack surface, with advanced use of machine learning to automate threat detection and prevention, augment SecOps teams and stop breaches before they occur.