Dear customers,

As you may be aware, there has been a security incident involving the 3CX phone system, and they have published updates on their own blog and forums since. The latest is available here. As 3CX’s only Irish Solutions Partner, and Platinum Level Partner, we have been working closely with 3CX over the past few days. We updated our Status Pages on the day of the detection, and have been monitoring since.

We would like to reassure our own customers that they are not affected by this incident, because we have not yet updated them to version “Update 7”. Our support team is aware of the issue and is closely monitoring the situation, but we have decided to wait until the dust settles and all necessary patches and fixes have been released and tested, before rolling out the update to our clients.

Any customers using our EDR security service and any directly managed customers on our RMM product have already been checked for the malicious software.

We take the security and privacy of our customers very seriously, and we want to ensure that any updates or changes we make to our systems are thoroughly vetted and validated, so as to minimize any potential risks or disruptions. In the meantime, we advise our customers to remain vigilant and to follow basic security best practices, such as using strong passwords, enabling two-factor authentication, and regularly backing up their data.

3CX Security Incident – NTES Customers

UPDATE ON 4th April

3CX have posted the following update:

The Windows Electron App 18.12.425 has come back with the all clear from Mandiant.

The main difference with 18.12.422 is that it has been signed with a new certificate.

We hope to push this version to customers tomorrow.

We still recommend using the PWA Web App.

We are currently building a new version Update 7a – should be in QA by next week – which has:

Password hashing

BLF panel for PWA dialer.

Improved install screen in web client.

We only have a handful of cases reported to us where malware has actually been triggered. And these reports still require verification. Furthermore after removal of the infected files using anti virus software no further malicious outbound traffic has been observed. Of course this may change but this is the status as of today.

We are taking the opportunity to strengthen our policies, practices, and technology to protect against future attacks.

We will be posting more news as it comes available.