Supply Chain Attack Targets Popular VOIP Application
Earlier this month, 3CX, a company which provides phone system software, was the target of a cyber-attack known as a supply chain attack. A supply chain attack occurs when hackers target a third-party vendor that provides services or products to a larger company, with the goal of accessing the larger company’s network through the vendor’s software or services.
In this case, the attackers compromised 3CX’s software update system and inserted malicious code into the updates. This meant that when 3CX’s customers downloaded and installed the updates, they unknowingly downloaded the malware as well. The malware stole sensitive information from the affected systems and gave the hackers remote access to the networks. CrowdStrike was the first company to recognize the signs of the attack, and has more in-depth information here.
If you use the 3CX DesktopApp, it is highly recommended that you ensure the application is up-to-date or uninstall it until an update can be applied.
3CX says that only a small percentage of their customers were affected by the attack, but it is still a serious security breach. Supply chain attacks have become increasingly common in recent years, and they can be difficult to detect and prevent. Companies should take steps to protect their networks and carefully vet the security of their third-party vendors.
If you have any questions or concerns around this cyber-attack or your cybersecurity posture overall, please do not hesitate to reach out to us!