As businesses become more interconnected, there is an increased risk of a cyber attack originating from a third-party vendor. In 2022 there were 40% more supply chain attacks than malware attacks, so the need for security between businesses is becoming a greater concern. Supply chain compromise is an attack that originates from a vendor, supplier, or employee through the devices or software used in manufacturing and distribution. This tactic is used instead of targeting individual end users because the opportunity for compromise and data collection is much greater.
The voice-over-IP vendor 3CX is in the news because of a supply chain attack that was passed on to its customers. The malicious code was distributed to desktop computers through an automatic update, but it originated from another supply chain compromise in an interesting and informative way. The attack is already being cited as on the same scale as the SolarWinds attack. Investigators said the attackers have ties to North Korea and were interested in gathering data rather than encrypting it for ransom.
Supply chain attacks from third-party software vendors are difficult to detect because, as in this case, the vendor has control of company systems and decides when to push out an auto-update. 3CX investigated the compromise and disclosed that one of its employees had downloaded out-of-date stock trading software to a personal computer. The stock trading software was compromised, and the attackers were able to obtain 3CX credentials and move laterally through the company's systems to create a malicious software update that would be distributed to 3CX customers.
There are a couple of red flags from this early reporting and disclosure. Hackers were able to steal company credentials from an employee's personal computer, and once inside, they could move laterally around the system with access to software updates. Without more information, it sounds like the principle of least privilege should be added to the layered security system: employees should only have access to the data they need to do their job. If hackers could move through the system at will, initial reports suggest segmentation is not part of the data security practices either.
Quanexus IT Support Services for Dayton and Cincinnati