Tag Archive for: communications

Hackers infect popular 3CX communications application with malware


Hackers have compromised 3CX, a popular videoconferencing and business phone management application used by more than 600,000 companies.

Multiple cybersecurity providers, including CrowdStrike Holdings Inc., issued warnings about the breach on Wednesday. CrowdStrike believes the hackers behind the breach are associated with a North Korean state-backed threat actor known as Labyrinth Chollima. According to the company, the hackers are using the compromised 3CX application to launch cyberattacks against users.

The 600,000 companies that use 3CX include major enterprises such as Coca-Cola Co., McDonald’s Corp. and BMW AG. The software has about 12 million daily users worldwide. 

According to BleepingComputer, signs that 3CX had been compromised began emerging more than a week ago. On March 22, multiple customers reported that their antivirus software had flagged the application as malicious. The malicious version of the 3CX application was shipped more than two weeks earlier, on March 3.

The malware sends data it steals to remote infrastructure controlled by the hackers. According to a SentinelOne Inc. analysis, some of that infrastructure was prepared as early as last February.

As part of the cyberattack, the hackers packaged malicious code into the 3CX desktop client’s installer. The Windows and Mac versions are both affected. Moreover, customers that already have 3CX installed received an update that likewise contains the malicious code.

According to CrowdStrike, the malicious installer and update are signed. Code signing is a cybersecurity method that allows a company to confirm it developed a piece of software. Using the method, a computer can verify that an application it’s about to install came from the original publisher and was not altered after signing, rather than from a malicious server.

Pierre Jourdan, chief security information officer at 3CX, stated in a blog post that the malicious code appears to have originated from one of the “bundled libraries” the company uses. A library is an externally developed code component that engineers incorporate into their software. Jourdan didn’t provide technical details about the malicious component.

According to SentinelOne, the malicious 3CX…

Source…

How Can Disrupting DNS Communications Thwart a Malware Attack?


Question: How does a threat actor utilize DNS communications in malware attacks?

Dave Mitchell, CTO, Hyas: The idea that you can protect yourself from all malware is unrealistic, especially considering malware is an umbrella term that does not refer to any specific exploit, vector, goal, or methodology. Because the range of cyber threats is so wide and varied, there is no magic bullet that will repel every attack. So it’s really only a matter of time before your network environment is compromised, forcing you to make some very hard decisions.

For instance, in the medical field, successful cyber attacks don’t just affect an organization’s ability to function; they also have major legal and reputational repercussions. Because of these circumstances, medical industry victims end up paying out ransomware demands at a higher rate than any other industry. If they were able to detect indicators of problems before they become full-blown attacks, healthcare organizations could save an average of $10.1 million per incident averted.

Most security solutions address a specific subsection of malware and/or infiltration vectors, but none of them can stop all threats at the gate. Even if they could, sometimes the gate is bypassed altogether. As we saw with the Log4J exploit and the recent compromise of the popular Ctx Python package, “trusted” resource libraries hosted on places like GitHub can be compromised by outside entities and used to deliver payloads of malware to thousands of endpoints without immediately triggering a red flag.

Not all threats lurk solely in cyberspace. Returning to the healthcare industry as an example highlights another attack vector that can get around all of your perimeter security — physical access. Most hospitals, physician’s offices, pharmacies, and other medical facilities rely on networked terminals and devices located (or accidentally left) in places where they can be accessed by patients, visitors, or other unauthorized users. In situations like these, it doesn’t matter how well-defended your network is from outside attacks because the bad actor can simply insert a USB stick or use a logged-in device to access malware, compromising the network from within.

This may…

Source…

Major events that shaped science, technology and communications sectors in 2022


Earlier in the then-new year, 2022, the Nigerian Communications Commission confirmed that MTN Nigeria and Mafab Communications Limited had paid $273.6m each for the Fifth Generation spectrum licence.

The Executive Vice Chairman of the NCC, Umar Danbatta, confirmed the payment in February as the deadline set for the two winners of the spectrum auction elapsed.

The “Provisional winners of the 3.5 Gigahertz spectrum licence, MTN Communications Nigeria Plc and Mafab Communications Limited, have made their full payment of $273.6m each for the 5G Spectrum license to the Nigerian Communications Commission”, Danbatta said via a press statement in February.

Also in the year, the Minister of Science, Technology and Innovation (STI), Senator Adeleke Mamora, said that despite less funding and other challenges, the ministry had made enormous achievements since he took over as minister on July 14, 2022.

The minister said this in Abuja during an interactive session with reporters on the achievements of the ministry in the period under review.

He also solicited more funding for Research and Development (R&D) in the country to boost technological advancement.

“Research activities require a lot of funding and there has to be a way to make that funding possible. The African Union (AU) had set up a 2% of GDP for member countries for R&D and the truth is that until and unless we give priority to R&D, it will be difficult for us to get to where we want to be in terms of socio-economic development. We need R&D to move forward,” he said.

Mamora commended President Muhammadu Buhari for committing 0.5% of Nigeria’s GDP to Research and Development which, he said, is an improvement from previous years.

The minister also said that, as a result of the funding constraints, the ministry had prioritised cutting waste and avoiding duplication.

Also, the executive vice chairman/chief executive, National Agency for Science and Engineering Infrastructure (NASENI), Prof. Mohammed Sani Haruna, disclosed during the year that the agency’s target is to contribute 50 megawatts of…

Source…

Ransomware hackers hit Australian defence communications platform


SYDNEY, Oct 31 (Reuters) – Hackers have targeted a communications platform used by Australian military personnel and defence staff with a ransomware attack, authorities said on Monday, as the country battles a recent spike in cyberattacks across businesses.

The ForceNet service, one of the external providers that the defence department contracts to run one of its websites, has come under attack but so far no data have been compromised, Assistant Minister For Defence Matt Thistlethwaite said.

“I want to stress that this isn’t an attack or a breach on defence (technology) systems and entities,” Thistlethwaite told ABC Radio. “At this stage, there is no evidence that the data set has been breached, that’s the data that this company holds on behalf of defence”.

But some private information such as dates of birth and enlistment details of military personnel may have been stolen, the Australian Broadcasting Corp reported, citing an unidentified source with knowledge of the investigation.

Thistlethwaite said the government will view the incident “very seriously” and all defence personnel have been notified, with suggestions to consider changing their passwords.

A Defence department spokesperson told Reuters in an emailed statement the department was examining the contents of the impacted data set and what personal information it contained.

Ransom software works by encrypting victims’ data and hackers typically will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.

Some of Australia’s biggest companies, including No. 2 telecoms company Optus, owned by Singapore Telecommunications Ltd (STEL.SI), and the country’s biggest health insurer, Medibank Private Ltd (MPL.AX), have had data hacked recently, likely exposing the details of millions of customers.

Technology experts said the country has become a target for cyber attacks just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop it.

Reporting by Renju Jose; Editing by Kenneth Maxwell

Source…