Corporate communications expert 3CX has released a statement confirming a supply chain security breach. Proving that even companies within the security sector are still at risk of falling victim to malicious activity, 3CX has reassured clients that swift disaster recovery is currently underway.
3CX has over 5 million customers and a net worth of $4.6 million. As a trusted supplier of phone, video, and live chat systems, the company has worked to ‘reinvent the remote workforce’ since the pandemic in 2020. This security compromise will shock many, but clients can rest assured that the company has robust security measures to protect its customers.
What Was the 3CX Security Breach?
The company’s official alert stated that attackers were trying to access macOS and Windows user accounts through the 3CX softphone app, by way of one of its third-party suppliers. The attack, which relied on actor-controlled infrastructure, is suspected of being carried out by a North Korean state-backed hacking group, but this is yet to be officially confirmed.
3CX acted immediately to deploy their disaster recovery planning, carried out by their team of cyber security experts, Mandiant.
The attack is called ‘SmoothOperator’ and has affected suppliers SentinelOne and Sophos. In the first instance, hackers have been gaining access via the web client accounts through a malicious update that is being offered. If successful, the decrypted shellcode from the component d3dcompiler_47.dll could be used to download files and encoded information.
What Steps Do 3CX Experts Recommend?
A quote from Nick Galea, 3CX CEO, which was released last week reads:
“As many of you have noticed, the 3CX Desktop App has malware in it. It affects the Windows Electron client for customers running update 7. It was reported to us last night, and we are working on an update to the desktop app, which we will release in the coming hours.
The best way to go about this is to uninstall the app (if you are running Windows Defender, it’s going to do this automatically for you, unfortunately) and then install it again. We are going to analyze and issue a full report later today. Right now, we are just focusing on the update.”
Alongside the advice to uninstall and re-download, 3CX also recommends that all companies continue their existing cyber security scanning and processes. Companies concerned that they have been affected might also want to conduct a security risk assessment to ascertain any current threats to operations.
Switching to using the PWA web client app is also recommended, as the compromise is not affecting this service offering. We recommend this for our 3CX clients as it offers better usability for remote access.
To keep up with the latest events, 3CX recommends following their RSS feed.
Is 3CX a Trusted Solution for my Business?
At Creative Networks, we believe 3CX is a brilliant communications tool to have integrated into networks as it works seamlessly with different programmes. As showcased in this scenario, their risk management and resolution deployment are second to none. Using third parties within their business model also further enhances overall security by introducing additional security measures.