Although the main purpose of this attack is to sell phone numbers and call plans that others can use for free, access to VoIP systems could enable criminals to carry out further attacks, including eavesdropping on private calls, cryptomining, or using the compromised systems as a foothold for far more serious intrusions.
According to Check Point researchers, a hacking group has compromised the VoIP networks of nearly 1,200 organizations in more than 20 countries, with more than half of the victims in the United Kingdom. Industries such as government, the military, insurance, finance and construction are believed to have fallen victim to the campaign.
Apart from the United Kingdom, other countries such as the Netherlands, Belgium, the United States, Colombia and Germany have also been targeted by similar campaigns.
The attacks take advantage of CVE-2019-19006, a critical vulnerability in Sangoma and Asterisk VoIP telephone systems that allows third parties to gain remote access without any form of authentication. A patch that fixes the vulnerability was released last year, but many organizations have not yet applied it, leaving cybercriminals free to continue exploiting it.
"The vulnerability is an authentication bypass flaw and the exploit is available to the public. Once exploited, hackers have administrator access to the VoIP system, which allows them to control its operations. This will not be detected unless an IT team specifically looks for it," Derek Middlemiss, security researcher at Check Point Research, told ZDNet.
One of the most common uses of the compromised systems is to make outgoing calls without the VoIP system's owner being aware of it, which allows the intruders to secretly call premium-rate numbers they have set up in order to charge the hacked organization. And because businesses make many legitimate phone calls through these systems, it would be difficult to notice that a server is being exploited.
Organizations are advised to change the default usernames and passwords on their appliances, so that they cannot be easily exploited, and, if possible, to regularly review call charges for potentially suspicious destinations, traffic volume or call patterns. Most importantly, organizations must apply the required security updates to prevent the exploitation of known vulnerabilities.
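One way to carry out the call-pattern review recommended above, as an added example that is not from the article or from Check Point: a small Python script that runs over constructed call detail records (CDRs) and flags calls to watched destination prefixes, off-hours calls, and bursts of such calls from a single extension. The prefix list, the thresholds and the sample records are assumptions; +979 is the international premium-rate service code and +999 is unassigned.

```python
from collections import Counter
from datetime import datetime

# Constructed sample CDR lines: timestamp, source extension, dialed number,
# duration in seconds. Extension 117 shows the pattern the article describes:
# a run of long off-hours calls to premium-rate destinations.
SAMPLE_CDR = """\
2020-11-05T09:12:00,101,+442071234567,180
2020-11-05T09:40:00,102,+442079876543,60
2020-11-05T02:10:00,117,+979123456781,1200
2020-11-05T02:14:00,117,+979123456782,1180
2020-11-05T02:19:00,117,+999123456783,1210
2020-11-05T02:25:00,117,+979123456784,1195
2020-11-05T10:05:00,103,+4915112345678,300
"""

# Assumption: the operator maintains this list from its own billing data.
WATCHED_PREFIXES = ("+979", "+999")
OFF_HOURS = range(0, 6)        # local 00:00 - 05:59, when staff rarely call
BURST_THRESHOLD = 3            # calls per extension to watched prefixes

def parse_cdr(text):
    """Parse the comma-separated CDR text into a list of dicts."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, dur = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "src": src,
                     "dst": dst, "dur": int(dur)})
    return rows

def find_suspicious(rows):
    """Return {extension: sorted list of reasons} for extensions worth review."""
    findings = {}
    watched_calls = Counter()
    for r in rows:
        reasons = []
        if r["dst"].startswith(WATCHED_PREFIXES):
            reasons.append("watched destination prefix")
            watched_calls[r["src"]] += 1
        if r["ts"].hour in OFF_HOURS:
            reasons.append("off-hours call")
        if reasons:
            findings.setdefault(r["src"], set()).update(reasons)
    for ext, n in watched_calls.items():
        if n >= BURST_THRESHOLD:
            findings[ext].add(f"{n} calls to watched prefixes")
    return {ext: sorted(v) for ext, v in findings.items()}

if __name__ == "__main__":
    for ext, reasons in find_suspicious(parse_cdr(SAMPLE_CDR)).items():
        print(ext, "->", ", ".join(reasons))
```

Feeding the script a day's CDR export from the PBX and reviewing any flagged extension against the billing statement catches the premium-number abuse the article describes before the invoice does.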