Skip to main content
close search
site logo

3CX has a 7-part plan to shore up its security

The company is planning significant security upgrades and changes to network operations after a historic attack from a state-linked actor.

Published April 20, 2023
David Jones's headshot
Reporter
Futuristic electronic semiconductor and telecommunication network concept
Futuristic electronic semiconductor and telecommunication network concept. Danai Jetawattana via Getty Images

3CX has launched a major effort to harden its network security as part of a seven-point plan following a report from Mandiant that revealed a historic supply chain attack linked to suspected North Korea-based threat actors. 

3CX was hit by a supply chain attack after an employee downloaded compromised software from Trading Technologies, a financial software company that had previously been the target of a malicious cyber intrusion, Mandiant found in its investigation released Thursday. 3CX hired Mandiant as part of its incident response effort.  

“While Mandiant’s investigation is ongoing, we now have a clear overall understanding of the attack,” Agathocies Prodromou, chief network officer at 3CX, said in a blog post

The Cybersecurity and Infrastructure Security Agency also released a malware analysis report on IconicStealer, an information stealer used in the 3CX attack. Officials praised the efforts to mitigate the attack, noting that a more catastrophic outcome was likely prevented. 

“CISA continues to work with government and private sector partners to understand impacts from this intrusion campaign,” an agency spokesperson said via email. “In many cases, outstanding work by the cybersecurity community avoided significant harm for many potential victims.”

3CX CEO Nick Galea said the company is drafting what it calls the EFTA Security Charter, with seven steps designed to harden the company network and enhance procedures. The changes include efforts to: 

  • Create a dedicated build environment that is hardened and isolated. This effort includes plans to employ 24/7 offsite monitoring, implement EDR monitoring tools and enable stricter access policies based on a zero trust model.
  • Revamp build security with increased static and dynamic code analysis and evaluate possible code signing and monitoring solutions.
  • Conduct an ongoing product security review with Mandiant to identify vulnerabilities. This includes the web client, Electron app and internal API and communication libraries.
  • Release update 7A next week, which will include the progressive web application as the preferred option. The company is also adding hashed passwords and removing passwords from the welcome email.
  • Hiring a firm to conduct ongoing penetration testing of the network, online applications and product. 
  • Formalize a crisis management and alert handling plan.
  • Create a dedicated network operations and security department led by Prodromou, who will report directly to the CEO.
Filed Under: Strategy, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell