3cx Desktop Zero Day Attack

On March 29, 2023, a zero-day exploit was discovered in the Desktop Application of the 3CX Phone Management System. Our Senior Project Engineer was notified by a colleague in the field that this vulnerability was actively being exploited in the wild. This exploit could allow attackers to remotely execute arbitrary code on vulnerable systems and take over mouse and keyboard functions.

A zero-day exploit is a vulnerability in a technology system that is novel and new. In some cases, these Zero-Day’s are unknown to the software vendor, and for which no patch is currently available since it is a recently discovered bug. “In the wild” is a term used in computer security to describe a vulnerability that is known to attackers and is being exploited in the real world. This means that the vulnerability has not been patched by the software vendor and is actively being used to attack systems. Attackers often use zero-day attacks to gain unauthorized access to systems, steal data, and leverage the vulnerability to launch a larger and more threatening attack.

The CCP Technologies team quickly acted within minutes of being made aware of the vulnerability to define and mitigate the risk exposed by this exploit. We regularly monitor our client’s systems for any sort of malicious or unexpected behavior and the first course of action was to verify this was the case. Once this fact was confirmed, we then worked to mitigate the risk. Since the software developers at 3CX did not yet have a patch or fix for the vulnerability, the recommended action plan was to remove the 3CX Desktop Application from all client systems.

Before we began to remove the application from our client systems, our team preemptively called each of our clients to make them aware of the exploitation, and our plan of action to mitigate the risk. The team swiftly removed the software from all our clients’ systems.

Without an MSP watching your back, this exploit could cripple business systems and stop business operations cold in their tracks. Proprietary data could be stolen, harvested, and sold back to clients for a ransom. An MSP is here to protect you and your business from the constant barrage of cyber threats that exist every day in our modern world.

I want to take this opportunity to thank the CCP Technologies team for their quick response to this critical security risk. Their courage and dedication have helped to protect our customers from a potentially devastating attack.

What You Can Do

If you are a 3CX customer but not yet a CCP Technologies customer, you should immediately remove the 3CX Desktop Application from your Computer Systems. Do not reinstall the application until a fix is made available by the 3CX team. If you can operate using the Web Client only, no further action is necessary.

You should also take the following steps to protect your systems from future attacks:

• • Keep your systems up to date with the latest security patches, or hire an MSP, like CCP Technologies to do it for you.

• • Use strong passwords and enable two-factor authentication whenever possible.

• • Be careful about the websites you visit and the files you download.

• • If you think you may have been the victim of an attack, contact your IT department immediately.

I need more help.

If you need help with your company’s cybersecurity, we are here to help.  Contact us for a Free IT Consultation.  In the meantime, read about what others have said about our services.  

Thank You

I want to thank you for trusting us to be your Managed Service Provider and Technology Partner and allowing us the opportunity to mitigate this critical security risk, monitor your systems and look out for you, our customer. Your safety and security are our top priority.

Sincerely,

Ross Feldman

vCIO & Digital Advisor, CCP Technologies