This hack seems to be more of a ransomware than a targeted SolarWinds type of attack. From what we know (at the time of writing this), in the information posted by the hackers as well as what Sangoma published in their statements, it seems like the hackers obtained a ton of Accounting/Financial/Employee information.
However much you don’t want to trust Sangoma, I can assure you that they placed the mirror servers under a magnifying glass as soon as they discovered the hack. However much you are afraid of a SolarWinds type of hack, they are even more… And I trust Sangoma that if they had spotted something fishy they would’ve taken down the mirror servers, or included that in the statement.
Additionally, some former developers had mentioned:
The SolarWinds issue was in the supply chain. I don’t know dinkus about the Sangoma supply chain, but it does appear to have changed in the last couple years.
And relying on the opinions of people who used to be part of it but aren’t any longer is not, IMO, a good plan. Nothing against James or Rob at all, just that they aren’t the voice from whom I’d like to have more assurance about the integrity of the code.
What’s amazing is how with so many possible security layers (e.g. client antivirus, DNS proxy filtering, hardware firewalls, AI-type security appliances, spam/malware e-mail filtering, etc.) most organizations are still vulnerable to a degree, mainly due to the PEBCAK. Be it through social engineering type phone calls, spearphishing, or just flat baiting someone.
I’ve seen a good amount of larger tech companies get dinged, our retail manufacturers and suppliers get hit, and we’ve all seen the fallout from the SolarWinds s$#tshow. Too bad we can’t grant business Internet access based on the merit/demerit system!
Just curious if there are any more updates. I believe we just had the update a couple of weeks ago and wanted to see if there was any more clarity at this point.
The investigation continues, and I expect to see an update go out shortly. When it does I will link it here in this thread. Reminder that all press releases can be reviewed here, and links to individual releases are in post #2 of this thread.
For those asking for comment about upgrading PBX modules, I refer to the wording in the December 29 Press Release:
the investigation has also uncovered no evidence that any of the Company’s products or services have been impacted by this cyber attack, nor is there any evidence that the code inside Sangoma’s products has been compromised or that the use of the products would create a security risk to a customer’s business.
It then goes on to describe steps that might be taken out of an abundance of caution.