The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.

This Week’s Top Story

A first: 3CX software supply chain attack caused by a different supply chain attack

This week, we continue our coverage of last month’s software supply chain attack on 3CX, a voice over IP (VOIP) solution, since new research continues to surface about its details. To recap: Malicious actors tampered with the company’s software update for its 3CXDesktopApp, serving malware to the company’s customer base. Last week, we reported on the company’s confirmation that the actors behind this targeted attack are North Korean.

Now, the Google-owned security firm Mandiant has discovered that this incident was actually caused by a different supply chain compromise in which suspected North Korean attackers breached the site of Trading Technologies, a stock trading automation company. The goal of the Trading Technologies attack was to push trojanized software builds, which impacted 3CX. This additional discovery in the aftermath of the 3CX attack is monumental, since this is the first time that researchers have discovered one software supply chain attack causing another, Mandiant said.

This makes the threat of the software supply chain compromise all the more real — and detrimental to companies that both produce and consume software. Even more alarming is the fact that most companies impacted by these attached, back-to-back incidents are unaware of what’s happened. Mandiant’s CTO Charles Carmakal notes: “We suspect there are a number of organizations that don’t yet know they are compromised.”

Stay tuned for ReversingLabs continued coverage of the 3CX software supply chain attack. To learn more about how this software supply chain attack occurred, see ReversingLabs reverse engineer Karlo Zanki’s analysis of the incident.

News Roundup

Here are the stories we’re paying attention to this week…

Goldoson Android malware infects over 100 million Google Play Store apps (The Hacker News)

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads.

Software firms across U.S. facing massive tax bills that threaten tech startup world survival (CNBC)

Software startups say they were blindsided by shocking tax bills as a result of a change in law related to research and development costs, and if Congress does not provide a retroactive fix, business failures will spread throughout the industry.

Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes (Graham Cluley)

A Finnish court has given the former CEO of a chain of psychotherapy clinics a suspended jail sentence after failing to adequately protect highly sensitive notes of patients' therapy sessions from falling into the hands of blackmailing hackers.

UK warns of Russian hackers targeting critical infrastructure (Security Week)

The UK government’s intelligence and security arm this week issued an alert on Russian state-aligned threat actors aiming to conduct disruptive and destructive attacks against critical infrastructure in Western countries.

Expect AI-powered cyberattacks targeting health systems (Chief Healthcare Executive)

As technology leaders predict that artificial intelligence will be used in healthcare and research, cybersecurity experts say healthcare organizations must brace for AI-powered attacks on their systems. Cybersecurity leaders in healthcare say it’s coming, and it’s likely going to be a threat that organizations will be dealing with in the not-too-distant future.