This week it has been the turn of telephony software company 3CX to have one of their most used applets compromised. For those who don’t know, an applet is an app; it's not short for application ...
An applet is effectively a shortcut to an application, containing most of the useful coding to load the service more quickly and usually requiring you to log in only once to keep the service live.
The affected desktop app versions are: Electron Windows App 18.12.407 and 18.12.416 from Update 7, as well as Electron Mac App versions 18.11.1213, 18.12.402, 18.12.407 and 18.12.416. The hackers embedded code so that the app would download and execute malware, spreading from the device into the entire network.
I must stress that the hack compromised the app only, not the 3CX phone systems or servers. The hack was more about spreading malware and industry reports suggest that the campaign was connected to North Korean state-sponsored hacking group Labyrinth Chollima, also known as the Lazarus Group or APT 38.
There are teams of programmers who have developed hacking kits that amateur hackers can buy from the Dark Web and that come with easy-to-use instructions. Malware hidden in legitimate software is often referred to as having been 'trojanised'. We have all heard of the trojan horse used by the Greeks against the city of Troy, and we are now potentially faced with everyday trojan software.
This hack was actually discovered relatively quickly due to third-party threat protection subscription services from SentinelOne and Falcon, developed by CrowdStrike. These services monitor individual desktop and laptop computers for any unusual activity from any loaded software.
Companies of all sizes must now consider what was once considered a luxury and add the necessary expense to their IT budgets. You can't sit back and think 'it won't happen to my small company'; let me tell you, I have seen ransomware and malware attacks on every size of company.
It's all about the maths. Speak to us at BTS (UK) or your incumbent IT provider as to what deal we can do for your company once you decide to implement threat protection software. This is typically around £15.00 per month per device and typically includes 24/7/365 live monitoring.
Threat protection shuts down infected software and apps as soon as unusual code is detected within Microsoft Windows or macOS!
This is the year to review your IT support services and renegotiate the overall support pack to ensure that your provider can supply appropriate threat protection as an additional service. Do ensure that they have the necessary qualifications and training themselves to be able to implement these new specialist services.
Stay safe ... there are some bad people out there.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.