November 5, 2020
That’s according to new research by Check Point Software Technologies. Most of the hackers are in Gaza and the West Bank.
Asterisk VoIP is the world’s most popular VoIP phone system for businesses. Many Fortune 500 companies use it for their national and international telecommunications.
The attack exploits a critical vulnerability in Sangoma PBX. It grants the attacker administrator access to the system and gives them control over its functions.
The group’s main purpose is to sell targeted organizations’ phone numbers, call plans and live access to compromised VoIP services to the highest bidders. The buyers can then exploit those services for their own purposes.
Impact on Organizations
Adi Ikan is Check Point’s head of network cybersecurity research.
“By manipulating the VoIP system to conduct outgoing calls, organizations were exposed to pay extraordinary charges on their telephone expenses,” he said. “In addition, attackers can leverage this attack, creating further damage like shutting down VoIP services, and for utilizing system resources for purposes like cryptomining.”
A common practice associated with these attacks is known as international revenue share fraud (IRSF). Attackers can inflate traffic by calling the premium-rate numbers they own from the hacked VoIP phone system. The more traffic hits these premium-rate numbers, the more revenue their owners receive. This motivates attackers to look for ways to boost and inflate traffic volume in any way possible.
Although the attackers don’t target specific industries, they continuously scan for and attack SIP servers that have the vulnerability.
The malicious hackers have targeted nearly 1,200 organizations globally over the past year. That includes 93 enterprises in the United States, 631 in Great Britain, 255 in the Netherlands, 171 in Belgium and 57 in Colombia. The hackers also have targeted enterprises in Germany, France, India, Italy, Canada, Australia and other countries.
“There are still attacks related to this campaign in the wild,” Ikan said. “And there is a significant increase in the past few months.”
Bad Actors Increasingly Focus on VoIP
This campaign is part of a global series of related attacks, and is a “very good example” of the wide phenomenon in which many hackers focus on exploiting VoIP servers for monetization, Ikan said.
“There are many groups on social media in which hackers share technical information on how to conduct such attacks, and advertise their services related to that,” he said.
Losses from global telecoms fraud exceeded $28 billion last year, according to the Communications Fraud Control Association (CFCA). VoIP PBX hacking is one of the top five fraud methods.
Organizations should ensure their VoIP systems are fully patched with the latest updates, Ikan said. Furthermore, they need to monitor their VoIP activity within their network.
“In addition, security products such as intrusion protection system (IPS) provide protections against such threats,” he said.
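The monitoring advice above can be applied to the IRSF pattern described earlier by checking call detail records for bursts of outbound calls to high-cost destinations. The following is an added example, not code from Check Point or the article; the record layout, the placeholder watchlist prefixes, the thresholds and the sample records are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Placeholder prefixes (assumption): load the carrier's real premium-rate
# and high-risk ranges here. +999 is used so no real range is implied.
WATCHLIST = ("+99900", "+99910")

# Constructed sample CDRs: start time, source extension, dialed number, billed seconds.
SAMPLE_CDR = """start,src,dst,billsec
2020-11-02 10:14:05,1001,+442079460123,180
2020-11-02 14:30:11,1002,+99900555001,45
2020-11-03 02:01:10,1007,+99900555001,600
2020-11-03 02:03:40,1007,+99900555001,590
2020-11-03 02:05:02,1007,+99910555777,610
2020-11-03 02:08:30,1007,+99900555001,605
2020-11-03 09:00:00,1002,+99900555001,30
"""

def parse_cdrs(text):
    """Parse the CSV into time-ordered (start, src, dst, billsec) tuples."""
    rows = [(datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S"),
             r["src"], r["dst"], int(r["billsec"]))
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows)

def find_bursts(rows, window=timedelta(minutes=10), min_calls=3):
    """Flag sources that place >= min_calls watchlisted calls inside one window."""
    recent = defaultdict(deque)  # src -> watchlisted calls still inside the window
    alerts = {}
    for start, src, dst, billsec in rows:
        if not dst.startswith(WATCHLIST):
            continue
        q = recent[src]
        q.append((start, dst, billsec))
        while start - q[0][0] > window:  # drop calls older than the window
            q.popleft()
        if len(q) >= min_calls and len(q) > alerts.get(src, {"calls": 0})["calls"]:
            alerts[src] = {  # keep the largest burst seen for this source
                "calls": len(q),
                "window_start": q[0][0],
                "billsec": sum(b for _, _, b in q),
                "destinations": sorted({d for _, d, _ in q}),
            }
    return alerts

if __name__ == "__main__":
    for src, a in find_bursts(parse_cdrs(SAMPLE_CDR)).items():
        print(src, a["calls"], "calls,", a["billsec"], "s to", a["destinations"])
```

On the sample data only extension 1007 is flagged; the isolated watchlisted calls from extension 1002 stay below the threshold.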