최신 사이버 공격

3CXDesktop App Trojanizes in a Supply Chain Attack

3CXDesktop App is a desktop client of 3CX voice over IP (VoIP) system. The application allows users to communicate within and outside the organization through their desktop or laptops.

On March 30, 2023 and over the past few days thereafter are accumulated evidence a Trojanized version of the original 3CXDesktop App client is being downloaded to unsuspecting victims around the world. The Trojanized version includes a malicious DLL file, which replaced an original one which is known to come with the benign version of the app. Then, when the application is loaded, the signed 3CXDesktop App is executing the malicious DLL as part of its predefined execution procedure.

Staying Safe in Times of Cyber Uncertainty

Given the recent geo-political uncertainty, Cyber security professionals need to prepare for a continued uptick in threat activity. To ensure that your organization remains protected from whatever may occur, we would like to provide you with validated best security practices to mitigate any potential threat.

VIEW LIVE MAP

Cyber Pandemic Update –
Critical Vulnerability in Apache Log4j

Are you affected by the Log4j vulnerability?
Everything you need to know about this vulnerability, including how to stay protected, and how it is evolving worldwide.

랜섬웨어 팬데믹

Ransomware attacks continue to surge, hitting a 93% increase year over year

Check Point Research (CPR) issues an updated data snapshot of global ransomware trends near the mid-year. The average number of ransomware attacks each week increased by 20% in the last two months, 41% in the last six months, and 93% in the last 12 months.

Microsoft Exchange Hack

On March 2nd, 2021, Volexity reported the in-the-wild exploitation of the following Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Further investigation uncovered that an attacker was exploiting a zero-day and used in the wild. The attacker was using the vulnerability to steal full contents of several user mailboxes. This vulnerability is remotely exploitable and does not require authentication or special knowledge or access to a specific environment. Our teams are working across the board, side-by-side with other industry leaders, to provide the best protection against these attacks.

SolarWinds Sunburst Attack

The world is now facing what seems to be a 5th generation cyber-attack – a sophisticated, multi-vector attack with clear characteristics of the cyber pandemic. Named Sunburst by researchers, we believe this is one of the most sophisticated and severe attacks ever seen. The attack has been reported to impact major US government offices as well as many private sector organizations.

This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse. By leveraging a common IT practice of software updates, the attackers utilized the backdoor to compromise the organization’s assets enabling them to spy on the organization and access its data.