News item | 05-04-2023 | 11:08 a.m.
Cybersecurity firm CrowdStrike announced on March 29 that it had detected a digital attack on users of the 3CX software package. 3CX is a widely used and comprehensive VoIP software solution for companies, used for example by telephone exchanges. NCSC advises users of this software to take immediate action.
What is happening?
This is a supply chain attack that could affect many users of this software. 3CX Desktop App Update 7 contains software that is infected with malware. 3CX has indicated that version 7 will be available via an update from the end of March 2023. The software company is working on a new version that should fix this problem. This will be available to users as soon as possible.
Recommended actions
- NCSC, CSIRT-DSP and DTC advise all organizations using 3CX to investigate the potential vulnerability of their systems and be alert for signs of potential abuse.
- 3CX recommends completely uninstalling the software if an infected (rogue) version is present on the system. After uninstalling the program, it is important to restart the system.
- If 3CX is needed for a vital process in your organization, 3CX recommends either using the web application or installing the latest version of the application after removing the infected software.
- Below this message you will find various technical links with tools, monitoring rules and indicators that can be used for your investigation.
- If, based on your investigation, you suspect that you are a victim of abuse, we recommend that you change all passwords on affected systems in any case. It is also advisable to change any saved passwords (for example, in the browser).
Malicious variants
3CX indicates that DesktopApp for Windows and macOS is infected with malware. Specifically, the following versions are affected:
- Electron Windows software versions 18.12.407 and 18.12.416
- Electron macOS software versions 18.11.1213, 18.12.402, 18.12.407 and 18.12.416.
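As an added example (not code from NCSC or 3CX), the version list above can be applied to a software inventory export to find hosts that need the uninstall-and-restart steps. The CSV column names, host names and sample rows are constructed, and treating a trailing fourth version field as insignificant is an assumption.

```python
import csv
import io
import re

# Affected Electron DesktopApp versions per platform, as listed in the advisory.
AFFECTED = {
    "windows": {(18, 12, 407), (18, 12, 416)},
    "macos": {(18, 11, 1213), (18, 12, 402), (18, 12, 407), (18, 12, 416)},
}

# Constructed sample inventory export; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,os,product,version
ws-001,Windows,3CX Desktop App,18.12.416
ws-002,Windows,3CX Desktop App,v18.12.407.0
ws-003,Windows,3CX Desktop App,18.11.1213
mac-01,macOS,3CX Desktop App,18.11.1213
mac-02,Mac OS X,3CX Desktop App,18.12.402
ws-004,Windows,3CX Desktop App,unknown
ws-005,Windows,Other Softphone,18.12.416
"""

def parse_version(text):
    """Return (major, minor, build) or None; a 'v' prefix and 4th field are ignored."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip(), re.IGNORECASE)
    return tuple(int(g) for g in m.groups()) if m else None

def normalize_os(text):
    t = text.strip().lower()
    if t.startswith("win"):
        return "windows"
    return "macos" if t.startswith(("mac", "os x", "darwin")) else None

def triage(inventory_csv):
    """Map host -> 'affected', 'not-listed' (not in the advisory's list) or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "3cx" not in row["product"].lower():
            continue
        platform = normalize_os(row["os"])
        version = parse_version(row["version"])
        if platform is None or version is None:
            status = "review"  # unparseable row: check this host by hand
        else:
            status = "affected" if version in AFFECTED[platform] else "not-listed"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Version 18.11.1213 is flagged only on macOS because the advisory lists it for that platform alone, and "not-listed" means the version is absent from this list, not that the host has been cleared.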
Do you use 3CX through an ICT service provider?
If you use 3CX through an intermediary, please contact your provider as soon as possible.
Resources with technical details
- Huntress
- Valhalla
- GitHub:
- The Sentinel
- Check my carrier
- Nextron THOR Forensic Scanner
NCSC is closely monitoring the situation in collaboration with partners. This page will be updated as more information becomes available.

