Over the past year more than 1,000 companies have become victims of a hacking campaign that has targeted VoIP (Voice over Internet Protocol) phone systems. The attackers have been exploiting known vulnerabilities in order to gain remote access to VoIP accounts and then selling access to the compromised accounts to the highest bidder.
It’s been reported that the attackers have been using these compromised VoIP accounts primarily to dial premium-rate numbers that they own, and to sell phone numbers with call plans that can be used without any additional charges. However, unauthorised access to these VoIP systems gives the hackers the capability to carry out much more menacing forms of attack.
Once the attacker has infiltrated a VoIP system, they are able to listen in on phone calls or even use the compromised system for crypto-mining. The hackers may also use this infiltration as a springboard to access wider networks and launch a larger-scale attack.
Cybersecurity researchers at the cyber threat intelligence company Check Point published a report detailing the exploit. They say that one hacker group in particular has targeted 1,200 organisations across 20 countries and infiltrated their VoIP systems. More than half of these victims are based in the UK and are believed to be spread across multiple industries, including military, government, finance, manufacturing and insurance.
A significant vulnerability (CVE-2019-19006) in both Sangoma and Asterisk VoIP phone systems is what leaves systems susceptible to attack. The vulnerability allows remote access to the VoIP system without any kind of authentication at all.
A security patch that addresses the vulnerability was released last year; however, many companies have yet to apply it, and cyber criminals are taking full advantage of this. If your organisation uses these VoIP systems, ensure that you are up to date with any security patches for them. Even if you use a different phone system, this should be a reminder to always confirm that you are up to date with security patches for all systems and services across your network.