Security News

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
2023-03-30 06:31

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers said.

Hackers compromise 3CX desktop app in a supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Cybersecurity firms warn of 3CX desktop app supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
2023-03-20 10:44

Even though your company may not have suffered a direct breach, your data may already be on the Dark Web. Breaches end up being marketed by hackers with data descriptions and auction demands, often in Bitcoin.

Best practices for securing the software application supply chain
2023-03-15 04:30

As server-side security advances, more attackers are exploiting vulnerabilities and launching malicious attacks through the less protected and seldom monitored client-side supply chain. Because of these attacks' sophisticated and subtle nature, they can be hard to detect until it's too late.

Snap CISO: I rate software supply chain risk 9.9 out of 10
2023-03-04 00:01

SCSW On a scale of 1 to 10, 10 being the highest risk, Snap Chief Information Security Officer Jim Higgins rates software supply chain risk "About 9.9". Ten, for the record, is "Always security hygiene," he told The Register.

Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'
2023-03-03 11:33

SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel. "It was similar to a fraternity rush - the best experience I never want to do again," Scales, head of incident response at Mandiant, told The Register.

Feeling VEXed by software supply chain security? You’re not alone
2023-02-28 01:01

SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. "Attackers have realized this, and that it's easy to hide in and attack all those gaps, those third-party components as they get transferred around and reused by other vendors," Dan Lorenc, CEO and co-founder of security specialists Chainguard, told The Register.

Open source software has its perks, but supply chain risks can't be ignored
2023-02-22 12:46

Analysis Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four of 17 industries studied - computer hardware and chips, cybersecurity, energy and clean tech, and the Internet of Things - open source software was in 100 percent of audited codebases.

Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears
2023-02-05 12:00

The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done? More recently, attackers have targeted code repositories like GitHub and PyPI and companies like CI/CD platform provider CircleCI, an incident that expanded the definition of a supply chain attack, according to Matt Rose, field CISO for cybersecurity vendor ReversingLabs.