A new version of IceXLoader that has compromised thousands of personal and enterprise Windows machines, security experts reacted below.
A new version of IceXLoader that has compromised thousands of personal and enterprise Windows machines, security experts reacted below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Skybox Research Lab found that the malware industry continues to churn out a wide array of malicious software, particularly cryptojacking and ransomware programs, which increased by 75% and 42%, respectively in 2021. In this case, thousands of personal and enterprise Windows machines are said to have been compromised by the updated IceXLoader malware globally. Versions include one written in Nim to evade detection and a multi-stage delivery chain, typically distributed through phishing campaigns via compromised ZIP attachments. The malware loader has been observed delivering RAT & crypto miners.
Oftentimes malware is the most damaging type of payload cyberattacks. Malware typically attacks vectors by compromising a single device, often known as patient zero. Taking a more proactive approach can protect patient zero before they have been compromised. Reducing malware with proactive vulnerability management helps organizations learn to identify and prioritize exposed vulnerabilities across the entire threat landscape, which in turn significantly lessens the time and resources spent in reactive activities, like threat hunting and triage.
To stay ahead of cybercriminals, companies must address vulnerability exposure risks before threat actors can exploit them. Additionally, organizations should ensure they have solutions capable of quantifying the business impact of cyber risks with economic impact factors. This will help them identify and prioritize the most critical threats based on the size of the financial impact, among other risk analyses such as exposure-based risk scores.