3CX phone system compromised, how we reacted to protect your systems

Great work today from our CSSCloud tech team in reacting to the 3CX phone system hacking.

We constantly monitor and manage our customer’s IT and tech in order to provide the best protection available. Sometimes the work we do goes unnoticed, because we don’t need to make a song and dance about it, it’s just what we do. However I thought it was time to give a shout out to our tech team’s response to the latest expoit/threat, the “3CX phone system compromise”

Although 3CX is not a system we provide, we do have a number of customers using it, so we needed to react quickly in order to minimise the threat to customer data and continuity.

Our Endpoint, Detect and Response system (in short, a very advanced next generation anti virus/security system) detected the threat and immediately neutralised it.

Our engineers then ran additional scans over our complete customer base to ensure we were aware of 3CX installations. This was quickly relayed to our account management team who then made contact with those customers impacted to explain the situation.

Those PC’s then had the 3CX system completely removed, which was recommended by 3CX as a ‘workaround’.

Shown below is our EDR system detecting an infected PC

It is really interesting to note that in all cases, we were able to notify the customer of the problem, before the local 3CX providers did. We also noted that whilst our EDR system was able to detect the ‘unusual activity’ of the 3CX client, standard managed antivirus did not, which makes it even more important to employ EDR.

These types of hacks, in this case an exploit carried out in conjunction with the North Korean government are increasingly common and if left undetected can be used to exploit personal and financial data and in many cases allow the infected devices to be used to target other infrastructure.

Those customers who benefit from our own CSSCloud Phone system, are completely unaffected by this threat/exploit and will continue to be, as we apply the same level of security and support to our communication solutions as we do our IT support and solutions.

Contact us today on 01493 801801 or advice@csscloud.co.uk if you would like to discuss any of the above

James Paterson

Business Development Director at CSSCloud

All author posts

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
uncodeAI.css	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.images	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.
uncodeAI.screen	session	This cookie is set by Uncode WordPress theme to run the Adaptive Images system. According to their documentation, these cookies contain runtime information about the viewport and screen resolution, these data are used on any page refresh to calculate the correct Adaptive Images. No personal information are stored within these cookies.

Cookie	Duration	Description
_ga_YCE5VW0MZ3	2 years	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description

3CX phone system compromised, how we reacted to protect your systems

James Paterson

Need our help?

Phone Us

Email Us

Raise A Ticket

Quick Contact

SIGN UP TO OUR NEWSLETTER

EXPLORE

HEAD OFFICE

NORWICH OFFICE

CONTACT INFO

3CX phone system compromised, how we reacted to protect your systems

James Paterson

Need our help?

Phone Us

Email Us

Raise A Ticket

Quick Contact

SIGN UP TO OUR NEWSLETTER

EXPLORE

HEAD OFFICE

NORWICH OFFICE

CONTACT INFO

Carrie Baker

Ross Downing

Luke Baker

Christine Davey

Daniel Perrin

Stephen Kemp

Alex Rosedale

Josh Tierney

Jarred Mace

Daniel Brown

Alex Hind

Glenn Woollard

Simon Woodhall

James Paterson

Ross Downing