Supply Chain Attack Defense Demands Mature Threat Hunting
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
3CX concerns cybersecurity risks in a business communications platform, including supply-chain compromise, malicious updates, and incident response.
Search across headline titles and summaries.
Background for this topic.
3CX is a software-based private branch exchange (PBX) system that manages business phone calls over internet protocol (VoIP). It handles call routing, voicemail, conferencing, and integrates with other communication tools, often hosted on-premises or in cloud environments. As a core telephony platform, it processes sensitive voice data and user credentials, making it a critical asset in enterprise communications infrastructure.
Security risks with 3CX include exploitation of software vulnerabilities that could allow attackers to intercept calls, access voicemail, or execute unauthorized commands. Weak authentication or exposed management interfaces increase the risk of account compromise or system takeover. Defenders should focus on applying patches promptly, enforcing strong access controls, and isolating the PBX network segment to limit exposure and protect voice traffic confidentiality and integrity.
Weekly headline count for the current query.
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
As investigations continue, researchers find confirmation in their suspicions of a sprawling attack affecting multiple organizations.
Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
"Gopuram" is a backdoor that North Korea's Lazarus Group has used in some campaigns dating back to 2020, some researchers say.
In a Solar Winds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's official, legitimate update mechanism, security firms warn.