
This is Why the Feds are Very Scared About Supply Chain Attacks

Last week it was revealed that VoIP communications company 3CX was compromised and was distributing a malicious version of their desktop software to hundreds of thousands of paying customers.

This is not an attack where users go to find sketchy websites and download “free” software that should be paid for. Rather, this is licensed software that users are paying good money for.

The attack replaced two genuine Windows DLLs with malicious ones. The malicious ones included an extra, special payload. Somehow, the files were still shown as signed by Microsoft, even after having been modified.

THIS IS DUE TO A BUG, PATCHED IN 2013, WHICH ALLOWED THE ATTACKERS TO MODIFY THE FILE WHILE PRESERVING THE SIGNATURE.

Microsoft decided to make the patch optional, likely because it would break other software. Rather than inconveniencing software developers and forcing them to clean up their coding practices, they put hundreds of millions of users at risk.

Microsoft has a registry hack to fix the problem (in the link). The hack will be removed if you upgrade to Windows 11. Special! (But you can re-apply it.) Maybe Microsoft will get sued for this practice; putting users at risk to make life a little easier for developers does not seem right.

The malware can steal data, start, stop and delete services, and interact directly with compromised systems. Also, there is, apparently, a macOS version as well.

Credit: Bleeping Computer and Dark Reading
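Because the registry fix is opt-in and is dropped by a Windows 11 upgrade, it is worth auditing rather than assuming. The PowerShell below is an added example, not code from this post or from Microsoft; the key paths and the value name `EnableCertPaddingCheck` are taken from Microsoft's published mitigation guidance as an assumption, since the post itself does not name them.

```powershell
# Added example: report whether the opt-in strict signature check is enabled.
# Assumption: key paths and value name follow Microsoft's mitigation guidance;
# they are not stated in the post above.
$ValueName = 'EnableCertPaddingCheck'
$Paths = @('HKLM:\Software\Microsoft\Cryptography\Wintrust\Config')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit processes on 64-bit Windows read a separate registry view.
    $Paths += 'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
}

function Get-PaddingCheckState {
    param([string[]]$Path, [string]$Name)
    foreach ($p in $Path) {
        $raw = $null
        # A missing key is a valid state (never configured, or removed by an upgrade).
        $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        if ($key) { $raw = $key.GetValue($Name, $null) }
        [pscustomobject]@{
            Path    = $p
            Present = $null -ne $raw
            Value   = $raw
            # Compare as text so a string "1" and a numeric 1 are both accepted.
            Enabled = ($null -ne $raw) -and ("$raw" -eq '1')
        }
    }
}

$state = Get-PaddingCheckState -Path $Paths -Name $ValueName
$state | Format-Table -AutoSize

$missing = @($state | Where-Object { -not $_.Enabled })
if ($missing.Count -gt 0) {
    Write-Warning ("Strict check not enabled in {0} of {1} registry view(s)." -f $missing.Count, $state.Count)
} else {
    Write-Output 'Strict check is enabled in every registry view.'
}
```

Run it again after any feature upgrade, since the post notes the setting does not survive a move to Windows 11.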
