Description
The FortiGuard Incident Response team is ready to assist with the discovery, containment, and remediation of intrusions that have originated from the 3CX supply chain attack.
Whilst adversary infrastructure associated with this campaign was taken down quickly reporting indicates multiple compromised endpoints across the globe.
The campaign resulted in the deployment of info stealer malware that could result in the use of valid credentials for future attacks if not properly scoped and mitigated.
Scope
FortiGuard.
Solution
Engaging Response Services:
To engage the IR team directly for help with an investigation please use the ‘Experienced a breach?’ link available here:
https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...
This webpage also has additional information on IR services and helps to prepare for cyber incidents.
Engaging Proactive Services:
If there are any questions about whether to be a victim of this campaign or to proactively prepare and the security teams to better handle threats like this, it is possible to engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats and war game the existing processes as part of tabletop activities.
Related document:
https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...
