3CX VoIP Breach

The Risks and What You Need to Know to Protect Your Business

At Music City Technology, we understand the importance of cyber security and protecting valuable company data. That’s why we take a proactive approach to managed endpoints and strive to ensure that our clients’ networks are protected against potential threats. Recently, a cyber security breach occurred in the VoIP software 3CX, highlighting the importance of staying vigilant in the fight against cyber attacks.

What is 3CX?

3CX is a popular VoIP IPBX software development company that offers a range of services and solutions for businesses around the world. Their 3CX Phone System is used by over 600,000 companies and has over 12 million daily users. The platform is known for its ease of use and affordability, making it a popular choice for small to medium-sized businesses.

Who uses 3CX?

3CX is used by a long list of high-profile companies and organizations, including American Express, Coca-Cola, McDonald’s, BMW, Honda, Air France, Toyota, Mercedes-Benz, IKEA, and the UK’s National Health Service. Unfortunately, this also makes 3CX a prime target for cyber attacks and highlights the importance of having robust security measures in place.

What are the risks?

Recently, a digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client was used in an ongoing supply chain attack, targeting both Windows and macOS users. The attack involves beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and hands-on-keyboard activity. The most common post-exploitation activity observed to date is the spawning of an interactive command shell. The attackers are suspected to be a North Korean state-backed hacking group known as Labyrinth Collima, which overlaps with other threat actors tracked as Lazarus Group by Kaspersky, Covellite by Dragos, UNC4034 by Mandiant, Zinc by Microsoft, and Nickel Academy by Secureworks.

What needs to be done?

To protect against potential cyber attacks, it’s important to have robust security measures in place. This includes keeping software up to date, using anti-virus software, and implementing multi-factor authentication. Additionally, it’s important to conduct regular security audits and penetration testing to identify vulnerabilities and address them before they can be exploited.

If you’re concerned about your cyber security posture or would like more information on how to protect your business from potential threats, contact us today here or call us at (615) 200-8045 and ask to speak with me. We can also assist with VoIP phone system solutions if you’re looking to upgrade or save money. Don’t wait until it’s too late – take proactive steps to protect your business today.