CYBERSECURITY NEWS APRIL V. — 3CX Trojan, AvidXchange attack, KFC leak, IP scam & Bluefield University attack.
A SolarWind-style Attack with a Twist
In the ever-evolving landscape of cybersecurity, recent events have raised alarm bells across the industry, particularly regarding supply chain attacks. One such incident that sent shockwaves through the community involved a trojanized version of the widely used 3CX voice and video communication client. As a leading developer of software-based phone systems, 3CX boasts over 600,000 customer organizations and 12 million daily users worldwide, underlining the potential scale of the threat.
Several cybersecurity heavyweights, including CrowdStrike, Sophos, and SentinelOne, have shared comprehensive breakdowns of this SolarWinds-style attack on their blogs. SentinelOne aptly dubbed the attack "Smooth Operator". The modus operandi reportedly involved the delivery of trojanized 3CXDesktopApp installers, signed and distributed through the vendor's legitimate update channel, to implant infostealer malware within corporate networks.
This insidious malware is said to be capable of harvesting system information and user profile data from browsers such as Google Chrome, Microsoft Edge, Brave, and Firefox. It is also believed to beacon to attacker-controlled infrastructure, which can trigger the deployment of a second-stage payload. CrowdStrike has also flagged a slight possibility of hands-on-keyboard activity following the initial compromise.
Ransomware attack at AvidXchange
In another unsettling incident, AvidXchange, a payment software company, fell victim to a ransomware attack. The aftermath saw a significant volume of confidential data stolen and subsequently released. A ransomware collective known as RansomHouse took credit for the attack. In a chilling post on their dark web leak site, they advised the targeted company to get in touch to prevent further data being published. The compromised data reportedly included login credentials and security question answers for various company systems, the kind of material that enables follow-on account takeover if the affected credentials are not rotated.
When Your Internet Address Becomes Hot Property
Online fraudsters are also proving to be increasingly resourceful. A recent scam involved the theft of IP addresses, which were then sold to proxy services for profit. As part of this scheme, proxy software was covertly installed on victims' computers, turning each infected machine into an exit node that the fraudsters could sell to a residential proxy service. This illicit business model could net attackers up to $10 per month for each compromised device. While proxy services are legal, those seeking to circumvent geo-blocks, rate limits, and other protections often exploit them, so the victim's IP address may end up associated with someone else's abuse. To guard against such threats, continuous real-time threat detection, including monitoring for unexpected services and persistent outbound connections, is an invaluable tool.
KFC under attack
Fast food aficionados, particularly those partial to fried chicken, should be on high alert. Yum! Brands, the parent company of KFC, Pizza Hut, and Taco Bell, has been dispatching data breach notification emails following a ransomware attack on January 13. Initially, the company claimed that no customer data was compromised, but subsequent alerts suggest that attackers may have accessed customer names, driver's license numbers, and other ID details. The fallout from the incident has forced the closure of approximately 300 UK restaurants.
Exams Postponed as Hackers Hit the Books
In the realm of academia, Bluefield University recently disclosed that a cyber attack had prompted a shutdown of the school's computer systems for an indefinite period. The attack, believed to have originated from a compromised university email account, postponed final exams and assignments. The university has urged all users to refrain from logging into any Bluefield University accounts, including email, until the situation is fully resolved. The timeline for recovery remains uncertain, but updates will be provided as soon as new information becomes available.
In this digital age, these incidents serve as stark reminders of the importance of robust cybersecurity measures. As we continue to navigate this complex landscape, staying informed and vigilant is more crucial than ever.