Understanding the Threat of Supply Chain Attacks: 3CX

On March 29, 2023, multiple security sources began to flag the 3CX VoIP Desktop App, from 3CX, as containing malware that allows attackers control of the workstation it’s installed on (Supply Chain Attacks: 3CX). 3CX’s response is to uninstall the 3CX Desktop App until an uninfected version of the software can be published.

The Net X VoIP Desktop App is uncompromised and immediately available for use.  https://pbx.netxonline.net

All Net X Network Security as a Service (NSaaS) subscribers benefit from the proactive implementation of platform-wide restrictions based on the published indicators of compromise for the 3CX Desktop App and its malicious C2 communications. Additionally, Device Posture Assessment capabilities can be configured to isolate all hosts running the 3CX Desktop App from the rest of your network until the software has been removed or remediated.

While the incident investigation is ongoing, at the time of this writing, it is believed nation state actors from North Korea are behind the supply chain attack. We have seen this type of behavior before and consider this a sophisticated attack that requires resources available to nation states; however, we expect these types of compromises to become more commonplace as compute resources become cheaper.

Net X is fully invested in producing the best, most secure experience for its partners and subscribers.  We continue to make significant investments in our software supply chain and threat detection capabilities to assure the software available is secure and uncompromised.

This type of attack highlights the importance of software security and the need to carefully monitor and control the software supply chain to prevent attacks like this from occurring. Regardless of Net X’s assurances in producing secure software, partners and subscribers should also be vigilant about updating their software and verifying the authenticity of any updates before installing them.

What is a Supply Chain Attack?

A supply chain attack is a type of cyber attack that targets the software supply chain by compromising one of the components used in the software development process. The goal of this attack is to infect the software with malware or malicious code, which can then be used to gain access to sensitive data or systems.

In the case of the 3CX VoIP Desktop App supply chain attack, the attackers compromised the update mechanism used by the software to deliver updates to users. They were able to replace the legitimate software update with a malicious version that contained a backdoor, allowing them to access and control the victim’s system.

The attack was carried out in three stages:

  1. Compromising the software vendor’s update server: The attackers gained access to the server used by the 3CX VoIP Desktop App vendor to deliver updates to users. This could have been done through a variety of means, such as phishing attacks or exploiting vulnerabilities in the server software.
  2. Replacing the legitimate update with a malicious version: Once the attackers had access to the update server, they replaced the legitimate update with a version that contained a backdoor. This backdoor allowed the attackers to remotely access and control the victim’s system.
  3. Delivering the malicious update to users: The compromised update was then delivered to users through the software’s automatic update mechanism. Once installed, the malicious version of the software provided the attackers with a persistent backdoor into the victim’s system.
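The three stages above describe what a client-side update check has to defend against: a payload swapped on the vendor’s server (stage 2) and an automatic mechanism that installs whatever it is handed (stage 3). The following is an added illustration, not code from this post or from 3CX, of the authenticity-before-install check recommended above. It assumes a signed manifest that pins the update’s SHA-256 digest; the publisher key, application name, version and payload bytes are constructed placeholders, and the HMAC tag stands in for a vendor’s public-key code signature purely so the example runs with the standard library.

```python
import hashlib
import hmac
import json

# Constructed, hypothetical publisher key (assumption for this example). A real
# update channel would verify the vendor's public-key code signature instead.
PUBLISHER_KEY = b"example-publisher-key-not-real"


def sign_manifest(manifest: dict, key: bytes = PUBLISHER_KEY) -> str:
    """Return a hex authentication tag over the canonical JSON form of a manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(update_bytes: bytes, name: str, version: str) -> dict:
    """Manifest the publisher ships alongside an update: it pins the payload digest."""
    return {"name": name, "version": version,
            "sha256": hashlib.sha256(update_bytes).hexdigest()}


def verify_update(update_bytes: bytes, manifest: dict, tag: str,
                  key: bytes = PUBLISHER_KEY) -> tuple[bool, str]:
    """Two checks an updater should pass before it installs anything.

    1. Authenticity: the manifest tag must verify under the publisher key, so a
       manifest rewritten by whoever controls the update server is rejected.
    2. Integrity: the downloaded payload must hash to the digest the manifest
       pins, so a swapped installer is rejected even if the manifest is genuine.
    Comparisons are constant-time to avoid leaking how many bytes matched.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "manifest tag does not verify: manifest may be forged"
    actual = hashlib.sha256(update_bytes).hexdigest()
    if not hmac.compare_digest(actual, manifest["sha256"]):
        return False, (f"digest mismatch: expected {manifest['sha256'][:16]}..., "
                       f"got {actual[:16]}...")
    return True, f"update {manifest['name']} {manifest['version']} verified"


# Constructed sample data: a "legitimate" installer and a copy with bytes appended,
# standing in for the backdoored build from stage 2 of the attack description.
LEGIT_UPDATE = b"example desktop app installer bytes (constructed sample)"
TAMPERED_UPDATE = LEGIT_UPDATE + b"\x00backdoor payload appended by attacker"

MANIFEST = build_manifest(LEGIT_UPDATE, "ExampleDesktopApp", "1.2.3")
TAG = sign_manifest(MANIFEST)


def scenario_legitimate() -> tuple[bool, str]:
    """Genuine payload, genuine manifest: the update is allowed to install."""
    return verify_update(LEGIT_UPDATE, MANIFEST, TAG)


def scenario_swapped_payload() -> tuple[bool, str]:
    """Attacker replaced only the installer on the server; the pinned digest catches it."""
    return verify_update(TAMPERED_UPDATE, MANIFEST, TAG)


def scenario_forged_manifest() -> tuple[bool, str]:
    """Attacker also rewrote the manifest to pin the tampered digest, but cannot
    produce a tag under the publisher key, so the forged manifest is rejected."""
    forged = build_manifest(TAMPERED_UPDATE, "ExampleDesktopApp", "1.2.4")
    forged_tag = sign_manifest(forged, key=b"attacker-does-not-hold-publisher-key")
    return verify_update(TAMPERED_UPDATE, forged, forged_tag)


if __name__ == "__main__":
    for scenario in (scenario_legitimate, scenario_swapped_payload, scenario_forged_manifest):
        ok, reason = scenario()
        print(f"{scenario.__name__:26s} install={'yes' if ok else 'NO':3s} {reason}")
```

The design point is that the second check alone is not enough: a digest published on the same server the attacker controls can be rewritten along with the payload, which is why the digest has to be bound to a key (or published out of band) that a compromise of the update server does not expose. If the publisher’s signing key itself is stolen, both checks pass, so key custody in the vendor’s build pipeline is the control that backs this one.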

If you are a Net X Network Security as a Service (NSaaS) partner and have questions, please contact support@netxonline.net. If you are not yet a Net X Network Security as a Service (NSaaS) partner and would like a demo, email success@netxonline.net or request a demo online here.