More than 1000 organisations worldwide have had their corporate phone systems hacked by cybercriminals
Attackers can eavesdrop on calls, as well as make money-making calls to premium-rate numbers
Security researchers have uncovered an organised gang of cybercriminals who are compromising the VOIP phone systems of over 1000 organisations worldwide.
Research published by Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk - the world's most popular VOIP phone system for businesses.
The vulnerability (known as CVE-2019-19006) can be exploited by an attacker to gain administrator rights over a compromised business phone system, which can be exploited in a variety of ways including making outgoing phone calls without the knowledge of the affected company.
According to researchers, one attack sees hackers earning substantial revenues by making unauthorised calls to premium-rate phone numbers that they may have themselves set up.
Hackers further monetise their compromise of business phone systems by selling phone numbers and access to other criminals. Indeed, private Facebook groups exists where the cybercriminals share information and tools that can assist in a hack.
According to the researchers, examination of the members of the Facebook groups reveal that most of the attackers appear to be based in Gaza, the West Bank and Egypt.
Worryingly, with unrestricted access to a company's telephone system it is even possible for criminal hackers to eavesdrop on legitimate business calls, launch attacks on third-parties by posing as an employee of the compromised business, or spread their attack laterally further across the corporate network.
The researchers have identified 20 countries who have had corporations targeted by the VOIP phone hackers, with most located i ..
Support the originator by clicking the read the rest link below.
