The recent hacking incident involving the 3CX Voice Over Internet Protocol desktop application, used by 12 million people across 600,000 companies, has highlighted the growing threat of software supply chain compromises.
Software supply chain compromises are becoming an increasingly common tactic used by cyber criminals to infiltrate organizations. While the SolarWinds attack 3 years ago was the most infamous, these attacks are increasingly gaining in popularity among cyber attackers. This is because it is often easier to compromise a third-party vendor or supplier than it is to attack the organization directly. By targeting a vendor or supplier, attackers can gain access to a large number of potential victims, as well as valuable information about their targets. This is akin to a burglar targeting a lock manufacturer and installing a weakness in the product such that any future users are left exposed to a weakness that only the burglar knows about and can potentially exploit.
The 3CX incident is a prime example of how a supply chain compromise can have far-reaching consequences. In this case, the attackers, suspected to be North Korean state actors, were able to distribute a malicious version of the software to thousands of users, many of whom may have been using the software to conduct business-critical operations. This could potentially have resulted in the theft of sensitive data, financial loss, and damage to the reputation of the affected organizations.
The incident also highlights the need for organizations to take a more proactive approach to software supply chain security. This includes conducting thorough due diligence on third-party vendors and suppliers, monitoring the integrity of software updates, and implementing robust security measures to detect and respond to potential threats.
An important aspect to address is third party data observability. By ensuring visibility into the data that is transferred out to third parties, organizations can detect compromises as a result of software supply chain attacks. Case in point: an attack like the 3CX hack results in Personally Identifiable Information being exfiltrated out from the targeted organization. Through comprehensive third party data observability, the target can detect this exfiltration and block it before significant harm ensues.
Another way to improve software supply chain security is to implement a software bill of materials (SBOM) for all software components used in an organization’s IT environment. An SBOM is a detailed list of all the components that make up a piece of software, including information about their origin, version, and any known vulnerabilities. By maintaining an up-to-date SBOM, organizations can better understand the security posture of their software environment and take steps to mitigate any potential vulnerabilities.
In conclusion, the hacking incident involving the 3CX desktop application is a stark reminder of the growing threat of software supply chain compromises. Organizations need to take a more proactive approach to supply chain security to mitigate the risk of these types of attacks. This includes implementing robust security measures, conducting thorough due diligence on third-party vendors and suppliers, ensuring TPDO on information exchanged with third parties, and maintaining an up-to-date SBOM. By doing so, organizations can better protect themselves against this growing threat and ensure the integrity and security of their IT environment.