UC Channel Update

by | Apr 19, 2023 | Latest News, UC Update

In this update:

  • 3CX’s Security Update information – Desktop App targeted in attack
  • How to get in touch with our UC team
  • Upcoming 3CX webinars
  • 24/7 call centre – can you help?
  • Grandstream’s GWN product range
  • Grandstream’s GWN780X Layer 2+ switch video guides
  • Yealink promotions
  • 3CX partnership – not a partner yet? Come and join us!
  • Case studies – stories sell products!
  • Demo equipment
  • Join our LinkedIn UC community to see news first
3CX’s Security Update information – Desktop App targeted in attack
It’s important we cover what has happened, all the official communications and latest information. 3CX has been the target of a security attack – this unfolded on Thursday 30th March. The key piece of technology that was targeted is the 3CX Desktop App based on Electron technology. There has been some confusion as to which app is which. There are several softphone options from 3CX which are:
  • WebClient – operates from within your browser – Chrome or Firefox.
  • PWA (Progressive Web App) – browser-based technology but as a separate window – 3CX’s preferred option for customers to use and further developments are occurring.
  • Legacy Windows softphone – development was stopped in 2021, but this is the backup and many customers still use this.
  • Desktop App – separate app that looks like the WebClient and PWA but is an app vs browser-based and based on the Electron technology. This is the one that has been attacked.
I have spoken or e-mailed with many of our NZ partners during this evolving situation. Being at the bottom of the world it felt like a long few hours before 3CX issued an official statement, I can assure all partners we were reading the reports from the security vendors as they were released, trying every avenue to make contact with the 3CX team in Cyprus in the small hours of the morning their time, and updating our advice as this evolved, and all prior to 3CX’s first statement being issued. 3CX were aware and working on discovering the issue prior to issuing a statement – they had to investigate before they could comment.

 

Here’s the timeline and links to the information released:
  • Thursday 30th March
    • Reddit publishes the CrowdStrike warning around the 3CX Desktop Application early NZ time.
    • Soft Solutions issued an e-mail as more information evolved with the advice to use the WebClient and remove the Desktop App until more was known.
    • 3CX issues statement around 5pm NZT and opens a specific forum thread – this advises they’ve been alerted and are investigating, advice is to use the WebClient or PWA (Progressive Web App).
    • 3CX issues 2nd statement overnight NZT stating they have appointed Mandiant, a leading cybersecurity firm, to investigate the situation. Advice continues to be to use the WebClient or PWA.
  • Friday 31st March
    • 3CX e-mail all partners around the security incident and their advice at this early point.
    • Soft Solutions issues a further e-mail with links to the blogs and forum and advice on not using the Desktop App until more information is advised. Also, to continue to monitor the blogs and forum.
    • Chrome blocked the latest 3CX MSI installer – blog update.
    • Electron App vs PWA or Windows Legacy App blog posted with the reasoning and what is and isn’t possible with each app.
    • Uninstalling the Desktop App blog posted with detailed instructions.
    • Forum is being updated and Nick Galea is adding additional information as he can.
  • Saturday 1st April
    • 3CX e-mail all partners thanking them for their support, apologising for the issue and offering to extend all 3CX paid licenses by 3 months; offering partners FREE 4-SC Pro subscriptions (Bronze = 2, Silver = 5, Gold = 10, Platinum = 15, Titanium = 20).
    • Security Incident Update – detailed blog on what has happened, what 3CX is doing, the recommendations, and how to stay in the know.
    • Forum continues to be updated.
  • Sunday 2nd through to Wednesday 5th April
    • Security Incident Update e-mail to all partners explaining what has happened, what they’re doing and more on the extension of paid licenses by 3 months.
    • Updates in the forum thread and Nick Galea and team continue to answer comments and offer guidance.
  • Thursday 6th April
  • Friday 7th April
  • Monday 10th April
    • Partner offers published on the blog acknowledging the challenge everyone has faced and that partners have stood by 3CX throughout. Key offers here: 15% cashback on 2023 sales (the exact details on how that will work are yet to be announced and it will be done at the end of the year/beginning of 2024); 2023 partner targets decreased back to 2022 level with exception of Bronze who stay at US$1000 target as the target in 2022 was higher; extensions to the planned changes of 4-SC FREE licenses; extending paid licenses by 3 months (should be applied soon).
  • Tuesday 11th April
    • 3CX e-mail all partners confirming the 3-month extension of paid licenses, reduction of targets, 15% cashback offer for 2023 sales and include links to the forum for staying up-to-date.
    • Mandiant’s initial response released via a blog post. The attack has been attributed to a cluster named UNC4736 believed to be North Korean based. This is a detailed blog with technical information around the findings.
    • Update 7A is announced via blog. Key features of this update are: BLF panel for the PWA dialler; more prominent information on the PWA being the preferred dialer option; hashing of passwords; removal of password and config information from the Welcome e-mail template; and being able to restrict admin access by IP. The timeline for this upcoming release is QA in the coming days, will be reviewed by Mandiant and then the following week Alpha and Beta with the expectation it will be released as final the following week. While working rapidly 3CX are also ensuring that the updates is thoroughly tested.
  • Thursday 13th April
    • A new blog has been released around how to enable auto-start and push notifications with the PWA (Progressive Web App). Steps for both Windows and Mac platforms are on the blog here. This addresses a key concern in terms of the PWA vs Desktop App and missing calls.

 

As you can see, 3CX have done their utmost to keep their partners and customers alike informed through this very difficult time and looked at how to thank their loyal partners as well. The security issue, as known, is limited to the Desktop App. While a new safe version has now been released, the advice is to use the WebClient or PWA as much as possible. It is very important to stay informed – visit the 3CX blog, the forum thread, and our Soft Solutions LinkedIn UC Group.

 

If you have questions, need clarifications please reach out to me directly – Megan Twentyman, BDM Unified Communications.

 

If for some reason, you read this newsletter online and don’t receive the e-mail directly – please reach out to uc@sofsol.co.nz so we can check your e-mail settings.

 

How to get in touch with our UC team

 

Sometimes you don’t know who you should be reaching out to. Be assured all of our SofSol team will guide you to the right people, but here’s a quick overview of where queries can be directed:

 

  • sales@sofsol.co.nz – our team help with pre-sales enquiries including quoting, stock availability etc. E-mails are managed via a ticketing system.
  • admin@sofsol.co.nz – our Admin team will process your orders, help with payments, ETAs etc.
  • ucsupport@sofsol.co.nz – we offer free first level support on the UC solutions we sell. E-mails come into a ticketing system that is monitored by our Technical Specialist and Senior Engineer.
  • uc@sofsol.co.nz – if it’s UC related and you’re not sure where to send it then this is the e-mail for you. We all get it and allocate so that you get the answers you need as promptly as possible.
  • megan@sofsol.co.nz – Megan Twentyman is our BDM Unified Communications and brand owner for the portfolio. She’s always happy to chat with you our valued partners from advice, product recommendations or escalations to other team members. We advocate to the vendors for our NZ partners.

 

Our contact phone number is 0800 733 233. We also have our Reseller Portal where you can login and check product pricing and availability; download a pricelist from the “downloads” section; review your open quotes and turn them into orders; check your statement and more. If you don’t have a login already, you can apply online at the sign in page to gain access.

 

Upcoming 3CX webinars

 

Here’s the upcoming webinars around 3CX this month. We’ve noted which webinars are 3CX hosted and our Soft Solutions hosted one as well. We look forward to seeing you online.

 

  • Thursday 30th March
    • Reddit publishes the CrowdStrike warning around the 3CX Desktop Application early NZ time.
    • Soft Solutions issued an e-mail as more information evolved with the advice to use the WebClient and remove the Desktop App until more was known.
    • 3CX issues statement around 5pm NZT and opens a specific forum thread – this advises they’ve been alerted and are investigating, advice is to use the WebClient or PWA (Progressive Web App).
    • 3CX issues 2nd statement overnight NZT stating they have appointed Mandiant, a leading cybersecurity firm, to investigate the situation. Advice continues to be to use the WebClient or PWA.
  • Friday 31st March
    • 3CX e-mail all partners around the security incident and their advice at this early point.
    • Soft Solutions issues a further e-mail with links to the blogs and forum and advice on not using the Desktop App until more information is advised. Also, to continue to monitor the blogs and forum.
    • Chrome blocked the latest 3CX MSI installer – blog update.
    • Electron App vs PWA or Windows Legacy App blog posted with the reasoning and what is and isn’t possible with each app.
    • Uninstalling the Desktop App blog posted with detailed instructions.
    • Forum is being updated and Nick Galea is adding additional information as he can.
  • Saturday 1st April
    • 3CX e-mail all partners thanking them for their support, apologising for the issue and offering to extend all 3CX paid licenses by 3 months; offering partners FREE 4-SC Pro subscriptions (Bronze = 2, Silver = 5, Gold = 10, Platinum = 15, Titanium = 20).
    • Security Incident Update – detailed blog on what has happened, what 3CX is doing, the recommendations, and how to stay in the know.
    • Forum continues to be updated.
  • Sunday 2nd through to Wednesday 5th April
    • Security Incident Update e-mail to all partners explaining what has happened, what they’re doing and more on the extension of paid licenses by 3 months.
    • Updates in the forum thread and Nick Galea and team continue to answer comments and offer guidance.
  • Thursday 6th April
  • Friday 7th April
  • Monday 10th April
    • Partner offers published on the blog acknowledging the challenge everyone has faced and that partners have stood by 3CX throughout. Key offers here: 15% cashback on 2023 sales (the exact details on how that will work are yet to be announced and it will be done at the end of the year/beginning of 2024); 2023 partner targets decreased back to 2022 level with exception of Bronze who stay at US$1000 target as the target in 2022 was higher; extensions to the planned changes of 4-SC FREE licenses; extending paid licenses by 3 months (should be applied soon).
  • Tuesday 11th April
    • 3CX e-mail all partners confirming the 3-month extension of paid licenses, reduction of targets, 15% cashback offer for 2023 sales and include links to the forum for staying up-to-date.
    • Mandiant’s initial response released via a blog post. The attack has been attributed to a cluster named UNC4736 believed to be North Korean based. This is a detailed blog with technical information around the findings.
    • Update 7A is announced via blog. Key features of this update are: BLF panel for the PWA dialler; more prominent information on the PWA being the preferred dialer option; hashing of passwords; removal of password and config information from the Welcome e-mail template; and being able to restrict admin access by IP. The timeline for this upcoming release is QA in the coming days, will be reviewed by Mandiant and then the following week Alpha and Beta with the expectation it will be released as final the following week. While working rapidly 3CX are also ensuring that the updates is thoroughly tested.
  • Thursday 13th April
    • A new blog has been released around how to enable auto-start and push notifications with the PWA (Progressive Web App). Steps for both Windows and Mac platforms are on the blog here. This addresses a key concern in terms of the PWA vs Desktop App and missing calls.

 

24/7 call centre – can you help?

 

There is a 3CX end client in NZ who is looking to partner with another customer that uses 3CX as their telephony system but is operating 24/7. The client is looking for someone to take their after hours, weekends and public holiday calls and enter the details to a simple template or escalate. They’re expecting to pay for this service… but do you have a client that may be a fit for them to partner up with? If you do, please contact Megan Twentyman for more details.

 

Grandstream’s GWN product range

 

As Grandstream continues to expand its GWN networking solutions, they have released both a landing page on their website and downloadable comprehensive guide covering all solutions current and some not yet announced! The GWN range incorporates their WiFi Access Points (indoor and outdoor, WiFi 5 and WiFi 6), Layer 2+ switches, and routers – even better they all come standard with a 3-year warranty. Within the guide, they give information on upcoming releases in the unmanaged switch and router categories. In addition, the guide features case studies from the APAC region, including NZ which are great references to share with potential customers. If you’d like to know more about the GWN range or test out some units from our demo stock, contact us on uc@sofsol.co.nz.

 

Grandstream’s GWN780X Layer 2+ switch video guides

 

The team at Grandstream have released a 3-part video series to help you get started. Each video is 12-16 minutes so a great watch over your morning or afternoon coffee! The purpose of this video series is to show from the basic setup all the way through to more advanced settings to enable you quickly.

 

 

The first 6 models (3 non-PoE and 3 PoE) for 8-port, 16-port and 24-port switches are proving popular with our clients. They can be managed from the GWN.Cloud.

 

If you would like to know more – contact us on uc@sofsol.co.nz.

 

Yealink promotions

 

Q2 is here already, and this means we’ve updated our Yealink promotions page. Some promotions have ended, and a few have been added. There is a quick rundown below, but for full details visit this link:

 

  • The A10 Grand Prix – the simplest way to win a FREE Yealink A10 MeetingBar for ANZ partners. The A10 is the latest MeetingBar to join the Yealink family and this promotion is super simple – runs from now until 30th June 2023. Three simple steps to follow and terms and conditions apply:
    1. Capture a short video (under 5 mins) of a Yealink A10 package being unboxed and set up. Keep it simple!
    2. Share the video on LinkedIn using the hashtag #A10grandprix and tag @Yealink.
    3. Win! The top 10 number of likes will receive 1 FREE Yealink A10 MeetingBar.

Desktop App

  • A30 or A20 MeetingBar + CTP18 + FREE VCH51 – these very popular MS Teams certified MeetingBars are back on a great price special until 30th June 2023 and you receive the VCH51 sharing box for FREE.
  • MVC840 Microsoft Teams Room (MTR) system bundle specials. These bundles have been created especially in NZ with added features to a base system.
  • WH66 Dual DECT Wireless Headset Workstation with WHC60 wireless charger – almost half price while stocks last. This is a current model – and what Megan uses every day!

Desktop App

  • Deal registration promotions – contact uc@sofsol.co.nz for assistance with these:
    1. Headsets – deal register an opportunity for 50 wireless or 100 wired headsets and receive a $50 GiftPay voucher, close the deal by 30th June 2023 and receive a further $50 GiftPay voucher!
    2. MTR – deal register an opportunity receive a $20 Uber Eats Voucher, close the deal by 30th June 2023 and receive a further $30 Uber Eats Voucher.
  • NFR’s – contact Megan Twentyman if you’d like to equip yourselves with NFR’s of any Yealink gear so you can show it to customers. Special pricing will apply as will limits on units. The new A10 has hot NFR pricing!
  • Yealink Microsoft Certifications – complete any of these and tag Soft Solutions on LinkedIn to receive a spot prize!

Desktop App

 

3CX partnership – not a partner yet? Come and join us!

 

If you’re not a 3CX partner, now is a great time to explore how effective the 3CX IP PBX unified communication platform is. We’re sure it will fit several of your client’s requirements – with options for Cloud hosted / on-prem and Linux / Windows installations, it’s highly flexible. 3CX has recently updated its website, but a great overview is straight on their landing page at 3cx.com. To chat about becoming a partner and what 3CX’s expectations are, please reach out to our UC BDM Megan Twentyman. Or, if you’re ready to sign up – use this specific link. Soft Solutions will help speed up your application.

 

Case studies – stories sell products!

 

We value the opportunity to work with you to produce case studies on success stories with our UC brands. If you have a good story to share, please reach out to us on uc@sofsol.co.nz and we can work with you. Case studies help sell the products to another customer. Grandstream have an incentive for GWN case studies but for case studies that we produce we’re happy to shout your team a pizza lunch. Get in touch so we can help you grow through sharing successes.

 

Demo equipment

 

Here at Soft Solutions, we hold a demo pool of Grandstream and Yealink products. This ranges from IP phones, DECT phones to headsets, WiFi Access Points and more. We loan these units out to you our valued partners. It’s a great way to be able to test out units and see if they meet the needs of your clients. A great way to evaluate new offerings ahead of purchase. If you’d like to borrow anything, please reach out to Megan Twentyman our BDM – UC in the first instance.

 

Join our LinkedIn UC community to see news first

 

Our “Soft Solutions NZ UC Community” group has been created so our customers quickly get all the latest news. We post regularly and welcome new members to the group. Keep up to date with upcoming Soft Solutions events, UC-related updates and any other general UC news. Join the LinkedIn group here.

 

The UC Team at Soft Solutions
Phone: 09 306 0450, Freephone: 0800 733 233, E-mail: uc@sofsol.co.nz.
Desktop App