Cybersecurity experts are warning against a new malware named "DslogdRAT," which spreads by exploiting a critical zero-day vulnerability in Ivanti Connect Secure (ICS) systems. Particularly targeting organizations in Japan and believed to be linked to Chinese-backed cyber espionage groups, hackers manage to infiltrate systems by executing remote code. In the first step, attackers plant a hidden web shell into the system, and then they download the actual spyware to take full control of the device.

Once settled in the system, this malware establishes a connection with an external command server to steal basic system information, executes remotely sent commands, and expands its attacks by using the infected device essentially as a proxy. As the scale of the threat continues to grow, security researchers state that they have detected a massive 9-fold increase in suspicious scanning activities targeting Ivanti devices within the last 24 hours, urging organizations to take urgent precautions against upcoming new and larger-scale attack waves.

Some of the precautions we need to take to protect against these types of attacks include:

• Do not open emails from untrusted sources.

• Use multi-factor authentication (MFA).

• Keep your system updated to the latest version at all times.

• Monitor login logs regularly.

• Track the security of mobile devices.

  
  

For detailed information, you can reach out to our experts at info@zerosecond.ae