BlackBerry Prevents Emerging 3CX DesktopApp Supply Chain Attack – And Has for Weeks
An emerging zero-day software supply chain attack has leveraged the software of a popular phone system developed by 3CX that is used by more than 600,000 companies worldwide and more than 12 million individual users. A Trojanized and digitally signed version of the desktop installer is part of an integrated cyberattack campaign that gives threat actors an interactive command shell on infected systems.
BlackBerry Prevents the 3CX Zero-Day Attack
BlackBerry customers have been protected from this supply chain attack for more than two weeks. While some media reports indicate that this attack may have commenced on March 22, 2023, BlackBerry customers using CylancePROTECT® reported convictions a week earlier, on March 15. Our internal threat intelligence data suggests an even earlier detection date of March 13, when our AI-driven defense models first began blocking malicious code injections (DLLs) associated with the compromised installer.
Watch the demo video below to see how CylancePROTECT defends against 3CXDesktopApp supply chain attacks.
DEMO VIDEO: BlackBerry vs. 3CXDesktopApp supply chain attack
Actions for BlackBerry Customers
CylancePROTECT customers are already automatically protected from this zero-day, and have been for several weeks. Our endpoint protection platform blocks the attack before it can execute in customer environments and was able to do so as soon as this zero-day threat emerged. However, we encourage customers to assess their environment for instances of 3CX and update appropriately per the guidance of the vendor to help mitigate any further risk.
For up-to-date details on the 3CX DesktopApp supply chain attack, please visit the BlackBerry threat intelligence center.
CylancePROTECT Provides Industry-Leading AI-driven Defense
The Cylance® AI-driven defense model is a battle-proven solution that has been shown to stop more attacks — and earlier in the attack chain — than other models. This is due to the sophisticated algorithms that enable the system to detect and prevent threats before they have a chance to fully execute.
One of the key advantages of the Cylance model is that it is up to 95% lighter* than other solutions, meaning that it can be deployed on a wide range of systems without causing significant performance issues. This makes it an ideal choice for organizations looking to protect their assets without compromising system performance.
CylancePROTECT is a highly effective and efficient approach to cybersecurity that is well-suited to the needs of modern organizations that must defend themselves from constantly emerging threats.