Red Flags, Misses and How to Address the Software Supply Chain Threat
ReversingLabs Co-Founder/Chief Software Architect Tomislav Pericin and Field CISO Matt Rose delve into the details of the explosive software supply chain attack experienced by 3CX, a provider of enterprise voice over IP (VoIP) solutions. Beginning on March 22nd, 2023, it was discovered that 3CX had released and distributed malware-compromised versions of its 3CXDesktopApp desktop VoIP client directly to customers.
While the industry is experiencing the ripple effect of this security incident, early indicators point strongly to a compromise of 3CX’s software build pipeline, leading to malicious code being inserted into the 3CXDesktopApp package.
Tomislav and Matt cover the critical details resulting from analysis of the malicious files used in the attack and explore what pre-emptive actions could have been taken by 3CX to prevent this hack and mitigate future attacks following similar patterns.
In this webinar, you will learn:
✓ The initial impact of the 3CX software supply chain attack
✓ Where legacy tools and policies failed to detect and address the risks in 3CX's software package
✓ Who is responsible for this attack and what it means for software development as a whole
✓ How 3CX and others can detect and mitigate these increasingly advanced software supply chain threats