Check Point Software Technologies, Inc.
Check Point Reports Supply Chain Attack in which 3CX Desktop App is Trojanized and Exploited
Check Point Continues to Ensure Customer Protection and Safety
Check Point Software Technologies Ltd. (NASDAQ: CHKP), a comprehensive cybersecurity solutions provider, discovered and reported a case in which the 3CX desktop app, the desktop client for the 3CX Voice over IP (VoIP) system, was trojanized and used for a supply chain attack. We have confirmed that Check Point customers remain safe from this exploit.
What is 3CX Desktop App?
3CX Desktop App is the desktop client for the 3CX Voice over IP (VoIP) system. This application enables communication inside and outside the organization using desktops and laptops.
This app can simplify call recording and video conferencing and is available for Windows, macOS, and Linux operating systems. It is used as a tool by companies with hybrid and remote workers, and its customers include government service providers such as the UK's National Health Service (NHS), as well as major companies such as Coca-Cola, Ikea and Honda.
What is happening
Over the past few days, it has become apparent that the original 3CX desktop app client has been trojanized and downloaded by unsuspecting victims worldwide. The trojanized version of the app contains a malicious DLL file that replaces the DLL originally shipped with the legitimate version. When the app loads, the signed 3CX desktop app executes the malicious DLL as part of its pre-determined execution procedure. This turns a benign, ubiquitous VoIP app into full-fledged malware, with the ability to beacon to remote servers and execute a second stage of malware.
Typical supply chain attack
This is a classic supply chain attack <https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-a-supply-chain-attack/>. Supply chain attacks are designed to exploit trust relationships between an organization and external organizations. This relationship includes partnerships, relationships with vendors, and use of third-party software. Once cyber threat actors have compromised one organization, they can then follow the supply chain and use these trust relationships to gain access within the environments of other organizations.
One way to weaponize legitimate tools
A fundamental layer in cyber protection is recognizing malicious tools and actions before an attack occurs. Security vendors devote significant resources to researching and mapping malware types and families and attributing them to specific threat actors and associated attack campaigns, while also identifying the TTPs (techniques, tactics, procedures) that are the source of correct security cycles and security policies. Threat actors, on the other hand, are developing and perfecting attack techniques to combat advanced cybersecurity solutions. Their methodology has reduced the use of custom malware and shifted instead to leveraging non-signature tools. Threat actors exploit pre-installed operating system features and tools on targeted systems, as well as common IT management tools, because these look less suspicious when discovered. Similarly, commercial off-the-shelf pentest and red team tools are also frequently used. While this phenomenon is not new per se, it was once an uncommon technique used only by sophisticated threat actors. However, it is now widely adopted by all types of threat actors.
Check Point Protects You Unwaveringly
Supply chain attacks are one of the most complex forms of attack. Security vendors cannot rely on just one reputation-based, single-layer solution. To achieve protection, we must question the activity we see on our networks, endpoints and servers and connect the dots.
The Check Point Horizon XDR/XPR <https://www.checkpoint.com/horizon/xdr-xpr/> platform instantly blocks cyber-attacks originating from any part of an organization's environment, preventing them from impacting the entire organization or spreading damage outside. XDR/XPR is the last line of cyber defense and an additional layer across your integrated security estate. Check Point Horizon XDR/XPR also prevents complex attacks in which seemingly innocuous events from multiple locations within your security estate combine to pose a significant threat to your organization. It is a platform that automatically stops the propagation and spread of threats within an organization and provides clear digital forensics as additional validation for SecOps users.
This release is based on the blog post announced on March 30, 2023 <https://blog.checkpoint.com/2023/03/29/3cxdesktop-app-trojanizes-in-a-supply-chain-attack-check-point-customers-remain-protected/>.
The latest cyber security trends will be explained in detail at “CPX Japan Online