Recent reports indicate that 3CX VoIP customers have been exposed to a massive supply chain attack that has compromised over 39 versions of their software. In a coordinated campaign of malicious activity, attackers have managed to Trojanize both Windows and Mac apps, perpetuating a cycle of compromising and compromising again.
The attack targets enterprise users of 3CX’s VoIP software for both platforms, resulting in remote access to internal systems. The malicious code was added through the Windows installer binary & the Mac Disk Image (DMG) file across 20+ different versions of 3CX Phone System, 3CX SBC, and 3CX Phone System Free Edition.
This supply chain attack is yet another example of why the security of a system should not simply be that of the hardware and software alone. Companies need to take extra precautions to secure the software they purchase, even if it is marketed as highly secure, because hackers often target these types of systems and use their background advantages to inject malicious code. Without proper security, these malicious actors can gain access to sensitive data and hijack entire networks.
To date, 3CX has released advisories for all affected versions of their software and customers have been instructed to replace all potentially affected versions. As a reminder to other companies and enterprises, it’s crucial that all software used within a business have the latest security patches and software updates. Companies should also implement processes for checking for new versions of software, as well as for ensuring that any new versions of software are tested before being rolled out and introduced into a company’s environment.
Overall, this attack further highlights the need for supply chain security to avoid potentially devastating and costly breaches. Companies should remain vigilant and seek to improve the security of their supply chain by implementing proper protections and processes. Attacks such as this one are not likely to stop anytime soon, making companies’ ability to prevent and mitigate these threats essential.
Hey Subscribe to our newsletter for more articles like this directly to your email.