3CX: Working around the clock to resolve cyber attack
13:27 - 03 April 2023
Nicosia-based 3CX has been working around the clock to resolve a cyber attack it suffered on 29 March by “a highly experienced and knowledgeable hacker”, in cooperation with American cybersecurity firm Mandiant and the local authorities.
Nick Galea, the CEO of 3CX, an international VoIP IP PBX software development technology company based in the capital of Cyprus, said in a blog post: “We regret to inform you that our company has become victim to an attack on our product and the larger supply chain. Our highest priority is to be transparent in sharing details on what actions we are taking in response to this incident and what we know to date. Information is rapidly unfolding in this ongoing investigation. We want to ensure we only share validated information with actionable steps for you to take. We’ll continue working closely with our Mandiant advisers to investigate how this incident occurred and put in place measures to prevent any recurrence.”
According to the company, on March 29, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in its product. “We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts,” it said. “Initial investigation suggested the incident was carried out by a highly experienced and knowledgeable hacker. We’re working closely with law enforcement and other authorities.”
With the help of Mandiant, 3CX said it was conducting a full investigation. “This includes a thorough security review of our Web Client and PWA App where Mandiant engineers are validating the entire source code of our web app and Electron App for any vulnerabilities.”
As a result, it said it has received an outpouring of support from the security industry and research community to share insights and data related to the investigation.
The company has recommended that its subscribers take immediate action, by uninstalling the 3CX Electron Desktop Application from all Windows or Mac OS computers (see more information here), continue AV scans and EDR solutioning in their organisation's networks for any potential malware with the latest signatures; switch to using the PWA Web Client App rather than Desktop App (read more about this here and how to switch to PWA.
“3CX is taking this opportunity to continue to strengthen our policies, practices, and technology to further protect against future attacks,” said the company.
To keep up to date with the latest developments, 3CX encourages its subscribers to subscribe to its RSS feed, where the blog will provide all updates on the ongoing investigation.
Also, to answer as many questions as possible, the company has set up a dedicated help forum including 3 support tickets for all users. (Log into your 3CX portal account; click "More" menu top right; select "Support"; click "Create ticket"; select the instance you want to ask a question about; enter support question - auto reply receipt confirmation followed later by response).
It will also be posting updates on its social media. “ Alerts will be posted on Twitter and LinkedIn alerting to blog updates.”
In appreciation of its customers’ and partners’ support, 3CX said it will be extendings its customers’ subscriptions by three months, free of charge. “We value our customers and partners and want to continue providing an exceptional product to all we serve. As a token of gratitude for your patience and support, we are extending customers’ subscriptions by 3 months free of charge. Partners have received an email with details on this too. This extension will be applied automatically in the coming weeks.”
Finally, the company said it has been overwhelmed by the outpouring of support from its partners and customers, “who have actively supported us on the forums with practical advice and moral support”. “Thank you! To the countless security researchers and experts that have published information about the attack and have helped us and our customers navigate the attack, we are also truly thankful. We will continue to provide additional information as we have more to share.”
(All updates will be posted on 3CX’s blog: https://www.3cx.com/blog/)