The 3CX Supply Chain Attack: What You Need to Know

News broke recently of a major supply chain attack on 3CX, a widely used phone system software vendor. The attack has potentially led to numerous customer breaches and has been compared to the SolarWinds and Kaseya attacks. Here’s what you need to know about the 3CX supply chain attack.

The attackers were able to inject malware inside 3CX apps that were digitally signed with 3CX's authorized signing key.

What Happened?

3CX, a popular phone system software vendor, was targeted in a supply chain attack. Hackers were able to compromise the Windows and macOS versions of the 3CX app, which is used by over 600,000 customers, and 12 million users. Security Researchers have uncovered an active campaign using a compromised version of the 3CX app to target the company’s customers. Security researchers determined that the attackers were able to create a trojanized version of the desktop VoIP app from 3CX and use it to gain access to the target’s network. Specifically, the attackers were able to inject malware inside 3CX apps that were digitally signed with 3CX's authorized signing key.

What’s the Impact?

The 3CX supply chain attack has the potential to cause a significant impact, with far-reaching implications for businesses that use the phone system software. A single successful attack is all the attackers need to implant malicious code into multiple networks. Once the code is in, the attacker can exploit the network, steal sensitive data, and cause disruptions through further attacks.

Recommended Steps for 3CX Users

3CX has recommended that users uninstall the 3CX Electron Desktop App from all Windows and Mac OS computers. Additionally, it recommends users switch to the PWA Web Client App rather than the Desktop app. Lastly, it is recommended that organizations investigate their network to determine if there are any signs of compromise.

Businesses must take proactive steps to protect sensitive data and minimize the impact of potential supply chain attacks, and should not solely rely on their supplier's representation of their security posture.

Takeaway

The recent 3CX supply chain attack highlights the critical importance of supply chain security. Single-Points-of-Failure (SPoF) can leave organizations vulnerable to cyberattacks, so regular security audits, strong security policies, and supplier monitoring are essential. It's also crucial to regularly update and test software and services for vulnerabilities. Businesses must take proactive steps to protect sensitive data and minimize the impact of potential supply chain attacks, and should not solely rely on their supplier's representation of their security posture. Organizations should also contemplate embracing the Zero Trust approach to curtail the attack surface. This approach verifies and authorizes all requests before granting access to resources, hence minimizing the potential impact of supply chain attacks.

To learn more about defending your organization from supply chain attacks, check out our previous article on the topic here.