Yesterday (30th March 2023) it became public that 3CX’s Desktop Client had been compromised by malware, resulting in ransomware being installed on a number of 3CX clients’ computers.
3CX has responded to this incident by issuing new code signing certificates and releasing new software builds, but has admitted that it does not understand the extent of the breach. We know that this threat currently affects the 3CX DesktopApp versions 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407 and 18.12.416 for Mac. Shodan reports that there are more than 242,000 publicly exposed 3CX phone management systems. 3CX has indicated that this is an ongoing supply chain intrusion impacting versions of 3CX Desktop App going back as far as January 2023’s 18.11.1213 release for macOS. Our Cyber Security team has reviewed the vulnerability and can confirm that it is quite severe and concerning.
While 3CX issued a patch today, the company still strongly recommends that ALL users avoid the Electron-based desktop application unless absolutely necessary. There have been discussions that the breach may also impact other aspects of the 3CX software implementation, but these have not been confirmed.
Real World Support customers who utilise 3CX from a third-party provider have had the malicious Desktop Application removed and were contacted yesterday to discuss the impact of the threat.
Huntress, one of our Cyber Security partners, recommends users of 3CX seek alternate telephony arrangements.
CloudPBX is a modern, secure and scalable PBX replacement that is suited to a wide range of business applications for micro, small, medium or large businesses. Whether you use our Desktop or Mobile app, or a physical phone on your desk, we take pride in our standards compliance and flexibility, as well as system reliability.
If you need a replacement phone system or help to manage the incident, please get in touch today. We’d love to help you transform and modernise your business communications, securely.