Trojanized Windows

In early August 2020, news broke about a massive supply chain attack targeting the users of 3CX. Those using the popular unified communications platform on Windows and macOS were targeted by hackers who distributed trojanized versions of 3CX applications. According to researchers, this attack appears to be the work of YPoint, an Iranian hacker group.

What made this attack particularly worrying is that the trojanized applications were distributed through legitimate but compromised software packages. This type of attack targets the weakest link in an organization's security chain, its software supply chain, by infecting the delivery software before it reaches the intended recipient.

Essentially, this attack consists of distributing maliciously modified versions of software packages for Windows and macOS systems. These trojanized applications are virtually indistinguishable from the legitimate versions and can remain undetected until it's too late.

Once the malicious code is in place, the attacker has direct access to the user's computer and can carry out a range of activities, from stealing confidential data to spying on the user or launching further malicious activity. For example, the trojanized 3CX Windows installer contained software that could log keystrokes and allow remote control of the user's computer.

As a result of this attack, many 3CX users had to take additional steps to clean their systems and safeguard themselves against future attacks of this type. To protect against supply chain attacks, organizations must employ a defense-in-depth approach.

This means that every software package must be thoroughly vetted before installation, systems must be monitored for signs of malicious code, and employees must be trained not to download software packages, even seemingly legitimate ones, from suspicious websites. In addition, the software development process needs to include further measures such as automated static analysis, sandboxing and penetration testing.
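As an added example (not code from the original article or from 3CX), the following Python script shows one concrete form of the pre-installation vetting step above: it pins the SHA-256 digest of each approved installer and refuses anything whose digest differs or whose package name is not on the allowlist. The package names, file contents and digests are all constructed for the demonstration; in a real deployment the pinned digests come from the vendor's signed release notes or another out-of-band channel, never from the same download page that served the file.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict

CHUNK = 1024 * 1024  # stream large installers in 1 MiB pieces

# Constructed sample "installer" bytes for this example; not a real PE file and not a 3CX build.
GOOD_INSTALLER_BYTES = b"MZ" + b"\x00" * 62 + b"constructed installer body v1"

# Constructed allowlist: package file name -> SHA-256 hex digest the vendor published.
TRUSTED_DIGESTS: Dict[str, str] = {
    "example-setup-1.0.exe": hashlib.sha256(GOOD_INSTALLER_BYTES).hexdigest(),
}


def sha256_file(path: str) -> str:
    """Hash a file in chunks so multi-hundred-megabyte installers never sit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def vet_installer(path: str, trusted: Dict[str, str] = TRUSTED_DIGESTS) -> str:
    """Return 'ok', 'tampered' (name pinned but digest differs) or 'unknown' (name not pinned).

    Only 'ok' should be allowed to proceed to installation; both other verdicts block it.
    """
    name = os.path.basename(path)
    expected = trusted.get(name)
    if expected is None:
        return "unknown"
    actual = sha256_file(path)
    # Constant-time comparison: never short-circuit on the first differing hex character.
    return "ok" if hmac.compare_digest(actual, expected) else "tampered"


def demo() -> Dict[str, str]:
    """Write three constructed files into a temporary directory and vet each one."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as d:
        cases = {
            # Exactly the bytes the vendor published.
            "good": ("example-setup-1.0.exe", GOOD_INSTALLER_BYTES),
            # Same file name, one appended byte: how a modified build looks to the check.
            "tampered": ("example-setup-1.0.exe", GOOD_INSTALLER_BYTES + b"\x90"),
            # A version nobody approved, so there is nothing to compare against.
            "unknown": ("example-setup-9.9.exe", GOOD_INSTALLER_BYTES),
        }
        for label, (name, body) in cases.items():
            sub = os.path.join(d, label)  # separate folders because two cases share a file name
            os.mkdir(sub)
            p = os.path.join(sub, name)
            with open(p, "wb") as f:
                f.write(body)
            results[label] = vet_installer(p)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

Running the script prints `good: ok`, `tampered: tampered` and `unknown: unknown`. The caveat that matters for an attack like the one described above: a digest check only catches a file that was altered after the vendor published its hash. If the vendor's own build pipeline was compromised, the trojanized installer carries a valid vendor signature and a matching published digest, so this check must be paired with the monitoring and sandboxing measures listed in the paragraph, not used on its own.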

The massive supply chain attack targeting 3CX users serves as a stark reminder of how important it is for organizations to protect themselves from maliciously modified software. To keep their systems secure, organizations must take all the necessary steps to ensure that malicious software does not make it onto their computers. Otherwise, their networks could be at risk of being compromised by attackers.
