TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Contextualizing Events & Enabling Defense: What 3CX Means | Huntress

2023-03-31

ATT&CK techniques detected (12 predictions)

T1195 Supply Chain Compromise (96%)
“Kaseya event exist, overall supply chain compromises require adversaries to satisfy multiple, interconnected, and interdependent requirements to achieve mission success. Emphasis on visibility, layered defenses, and implementing emergency plans for business continuity all factor …”

T1195 Supply Chain Compromise (87%)
“degradation of such services to enable appropriate, risk-based decision making in the future as part of their response plan to identified (or suspected) security incidents. In the case of 3CX, customers have the option of switching from the desktop application to browser-ba…”

T1195 Supply Chain Compromise (83%)
“operations in the face of supply chain-based cyber threats. Contextualizing Supply Chain Intrusions. Supply chain intrusions contain a certain mystique within information security circles. Supply chain incidents, such as the incident involving SolarWinds Orion software in 2020, …”

T1195 Supply Chain Compromise (76%)
“relationships between applications and their implications for operations may be vital in advanced planning and defensive action to minimize potential damage and disruption. Historically, some supply chain events, such as the Kaseya incident, resulted in near immediate impacts in …”

T1195 Supply Chain Compromise (76%)
“equally relevant. Defenders may lose some initiative in that “border defenses” are circumvented through a supply chain intrusion, but layered defenses including host and internal network visibility will still be effective in identifying post-compromise activity. Notably, ther…”

T1195.001 Compromise Software Dependencies and Development Tools (74%)
“operations in the face of supply chain-based cyber threats. Contextualizing Supply Chain Intrusions. Supply chain intrusions contain a certain mystique within information security circles. Supply chain incidents, such as the incident involving SolarWinds Orion software in 2020, …”

T1195.002 Compromise Software Supply Chain (70%)
“in identification. As indicated by 3CX’s CEO in an interview with CyberScoop, “the macOS version only has a couple of thousands of users.” Thus one possibility is that initial access and modification started with the less-prevalent macOS version, resulting in significantly …”

T1195.001 Compromise Software Dependencies and Development Tools (57%)
“in identification. As indicated by 3CX’s CEO in an interview with CyberScoop, “the macOS version only has a couple of thousands of users.” Thus one possibility is that initial access and modification started with the less-prevalent macOS version, resulting in significantly …”

T1190 Exploit Public-Facing Application (42%)
“…igation and response steps. This includes being able to perform root cause analysis (RCA) on any activity identified that may be associated with installation of modified software or similar supply chain vectors. For example, defenders should be able to identify any attempts t…”

T1059.001 PowerShell (39%)
“chain, from initial information gathering to ultimate actions on objectives. Supply Chain Intrusions Mapped to the Cyber Kill Chain. Looking at the above, supply chain intrusions certainly form part of this sequence of events, and in some instances may result in very effective, di…”

T1195.002 Compromise Software Supply Chain (33%)
“Contextualizing Events & Enabling Defense: What 3CX Means | Huntress. Background. On 29 March 2023, CrowdStrike released a social media post and then a follow-on blog describing a supply chain compromise involving 3CXDesktopApp softphone software. Subsequent analysis and investi…”

T1592.002 Software (32%)
“Kaseya event exist, overall supply chain compromises require adversaries to satisfy multiple, interconnected, and interdependent requirements to achieve mission success. Emphasis on visibility, layered defenses, and implementing emergency plans for business continuity all factor …”

Summary

In this blog, we contextualize the events and talk about enabling defense from the 3CX compromise.