Researchers at Check Point have uncovered a fraud operation targeting more than 1,200 business VoIP phone systems worldwide.
Hackers are exploiting vulnerabilities in the popular Sangoma and Asterisk VoIP phone systems to gain control of them. They then seek to monetize that access by selling auto-generated calls and forcing systems to call premium numbers owned by the hackers to collect revenues, without the targeted business being aware.
The attackers also sell phone numbers, call plans, and live access to compromised VoIP services to the highest bidder, who can then exploit those services for their own purposes. In some cases, hackers are believed to have eavesdropped on a target organization's calls too.
The operation is led by hackers in Gaza, West Bank and Egypt, with the most targeted countries being the UK (52 percent), the Netherlands (21 percent), Belgium (15 percent), the US (seven percent) and Colombia (five percent).
Derek Middlemiss, security evangelist, EMEA at Check Point says, “This cyber fraud operation is a quick way to make large sums of money. More broadly, we’re seeing a widespread phenomenon of hackers using social media to scale the hacking and monetization of VoIP systems this year. Hackers are creating dedicated social media groups to share insights, technical know-how and advertise their conquests. This is how these hackers from Gaza, West Bank and Egypt were able to organize themselves to scale a global cyber fraud operation. I expect this phenomenon to continue into 2021. We strongly urge organizations everywhere that use VoIP systems to ensure they’ve implemented the latest patches. You’ll avoid some costly and unexpected payments.”
Patches that close the vulnerability are available, and businesses are urged to apply them. They should also analyze their calling patterns and billing on a regular basis to check that they haven't been compromised.
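One way to run the calling-pattern review recommended above, as an added example that is not from Check Point or the original article: it totals each extension's off-hours call time per day and flags any call to a watched high-cost prefix. The four-column CSV layout, the thresholds, the business hours and the `+999` prefix are assumptions; substitute your PBX's call detail record export and the premium-rate prefixes from your carrier's rate sheet.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records: extension, dialled number, start time, billed seconds.
SAMPLE_CDR = """\
src,dst,start,billsec
201,+442079460000,2020-11-02 10:15:00,180
202,+442079460011,2020-11-02 14:40:00,240
201,+442079460000,2020-11-03 09:05:00,95
305,+99900000001,2020-11-07 02:11:00,1790
305,+99900000001,2020-11-07 02:42:00,1795
305,+99900000002,2020-11-07 03:13:00,1801
305,+99900000001,2020-11-08 01:30:00,1788
"""

WATCHED_PREFIXES = ("+999",)     # assumption: placeholder for premium/high-cost prefixes
BUSINESS_HOURS = range(7, 20)    # assumption: 07:00-19:59 local time, Monday to Friday
MAX_OFFHOURS_SECONDS = 30 * 60   # assumption: tolerated off-hours talk time per extension per day

def review(cdr_text):
    """Return (extension, date, reasons) for each extension-day that needs a human look."""
    offhours = defaultdict(int)  # (src, date) -> billed seconds outside business hours
    watched = defaultdict(int)   # (src, date) -> calls to watched prefixes
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        key = (row["src"], start.date().isoformat())
        if start.hour not in BUSINESS_HOURS or start.weekday() >= 5:
            offhours[key] += int(row["billsec"])
        if row["dst"].startswith(WATCHED_PREFIXES):
            watched[key] += 1
    findings = []
    for key in sorted(set(offhours) | set(watched)):
        reasons = []
        if offhours[key] > MAX_OFFHOURS_SECONDS:
            reasons.append("off_hours_volume")
        if watched[key] > 0:
            reasons.append("watched_prefix")
        if reasons:
            findings.append((key[0], key[1], reasons))
    return findings

if __name__ == "__main__":
    for ext, day, reasons in review(SAMPLE_CDR):
        print(f"extension {ext} on {day}: {', '.join(reasons)}")
```

Findings from a script like this are leads to compare against the carrier bill, not proof of compromise.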
You can read more on the Check Point blog.