Cybersecurity Community Offers Assistance in Wake of 3CX Supply Chain Attack

3CX is facing backlash from customers who are dissatisfied with how the company has handled the recent security incident. Initially, the company dismissed reports of malware as false positives, and some users claim they were even told to pay for a support ticket to resolve the issue. CEO Nick Galea has admitted that the company should have acted sooner, but tried to defend its actions by saying false positives happen frequently with VoIP apps. This explanation falls short and fails to address the real issue at hand.
According to a report by Mandiant, the security firm investigating the incident, the attackers had extensive access to the company’s systems and data. The full extent of the damage is still being assessed, but it is clear that the attackers had ample time to cause significant harm.
ReversingLabs’ blog pointed out that the attack was sophisticated and had clear indicators that should have tipped off the company before customer systems were affected.
CISA has issued an alert advising organizations to search for Indicators of Compromise (IoCs) in response to the attack. In addition, several leading cybersecurity companies such as Symantec, CrowdStrike, Rapid7, Trend Micro, and SentinelOne have published information and tools to assist organizations in responding to the attack. These companies have released blog posts with IoCs, analysis, and other resources to help their customers assess the impact of the attack and secure their systems.