3CX Attack Shows The Dangers Of ‘Alert Fatigue’ For Cybersecurity

National Cyber Security – Kyle Alspach
The widely felt supply chain compromise of VoIP vendor 3CX was not caught as quickly as it might have been, as both the vendor and users initially assumed the alerts were false positives, according to cybersecurity experts.

While users did report receiving warnings from SentinelOne about 3CX as early as March 22, both the users and the 3CX support team seemingly assumed that the detection was a false positive, possibly due to experiencing “numerous false alarms in the past,” Farrar said.

CrowdStrike threat hunters were the first to determine that the detection of malicious activity coming from the 3CX app was not a false positive, and the company publicly disclosed details about the attack in a post March 29.

In the future, it’s likely that automation and AI will do more to help with the issue, Richmond said.

Many 3CX users had seen their endpoint protection software incorrectly flag legitimate software as malicious in the past, said Greg Notch, CISO at cybersecurity vendor Expel.

Since 3CX’s software was expected in their environment, they assumed it was the endpoint security software that was incorrect, rather than suspecting the 3CX software had been the victim of a supply chain attack, Notch said.
Link: https://nationalcybersecurity.com/3cx-attack-shows-the-dangers-of-alert-fatigue-for-cybersecurity-hacking-cybersecurity-infosec-comptia-pentest-ransomware/

