News broke today that security experts at Check Point have detected a series of attacks directed at VoIP servers across the globe. The attacks affected FreePBX® and PBXact® by exploiting a previously discovered authentication bypass vulnerability, CVE-2019-19006.
The attacks were part of a larger campaign targeting VoIP phone systems, in which the hackers’ goal is to sell phone numbers, call plans and access to VoIP services. This resulted in abuse of the servers to make outgoing calls to premium-rate phone numbers to generate income.
The security breach raises questions about the use of open source PBX systems; while these can be very low cost, and even free, businesses need to ask if it is worth the risk.
What’s the deal with this hack?
In a nutshell, the security breach details can be summarized as follows:
- The attack exploits CVE-2019-19006, a critical vulnerability discovered in 2019 and impacting FreePBX® and PBXact® systems.
- The hackers used the vulnerability to access VoIP servers and gain admin control of both the phone system and servers.
What did hackers do with the compromised servers?
The hackers carried out these attacks primarily to use the PBX servers to generate revenue, which they did in three ways:
- Selling phone numbers or call plans – Hackers or their clients could make outgoing calls from the compromised company’s phone system without being detected. Outgoing calls are considered a normal activity, so they would not activate any security alert.
- Selling server access – They would sell admin access to the server to the highest bidder, who could then use the system resources to generate income through activities such as crypto-mining or launching attacks on outside systems. While doing this, it would appear that attacks and other activities came from the company with the breached system.
- International Revenue Share Fraud (IRSF) – Some types of premium rate international numbers cost the callers significantly, and generate considerable revenue for the owner of the phone number. The more calls they receive, and the longer they are, the greater the revenue. In some cases, the hackers in question would use the phone system to call their own premium rate numbers, generating revenue at the expense of the business whose server was hacked.
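Because these outgoing calls look like normal activity, spotting the abuse means looking at call patterns rather than individual calls. The following is an added example, not code from the original article, Check Point or any PBX vendor: it totals off-hours international calls per destination from call detail records and flags destinations that are called repeatedly and for a long time. The four-column record layout, the `00` international prefix, the thresholds and all phone numbers are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records (not real traffic).
# Assumed columns: start time, source extension, dialled number, billed seconds
SAMPLE_CDR = """\
2020-11-02 10:15:00,201,00442079460123,180
2020-11-03 02:01:10,205,00999000000001,1790
2020-11-03 02:31:30,205,00999000000001,1795
2020-11-03 03:02:00,205,00999000000001,1800
2020-11-03 03:33:00,206,00999000000001,1788
2020-11-03 14:20:00,202,5550123,95
2020-11-04 01:10:00,203,00442079460123,60
"""


def flag_irsf(cdr_text, intl_prefix="00", day=(8, 18),
              min_calls=3, min_seconds=3600):
    """Return [(dst, calls, total_seconds)] for international destinations
    called repeatedly outside business hours, longest total first."""
    stats = defaultdict(lambda: [0, 0])  # dst -> [call count, billed seconds]
    for row in csv.reader(io.StringIO(cdr_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        start, _src, dst, billsec = row
        when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        # Off-hours: outside the working day, or any time at the weekend.
        off_hours = not (day[0] <= when.hour < day[1]) or when.weekday() >= 5
        if dst.startswith(intl_prefix) and off_hours and int(billsec) > 0:
            stats[dst][0] += 1
            stats[dst][1] += int(billsec)
    hits = [(dst, n, secs) for dst, (n, secs) in stats.items()
            if n >= min_calls and secs >= min_seconds]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for dst, calls, secs in flag_irsf(SAMPLE_CDR):
        print(f"ALERT {dst}: {calls} off-hours calls, {secs} s billed")
```

Thresholds should be tuned to the organisation's own calling baseline; a business with legitimate overnight international traffic would need an allow-list of known destinations.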
For full details of the security breach, how it was achieved and what the hackers did, see this article.
Secure, Flexible, Affordable: 3CX
3CX implements the latest technologies to ensure the security of your communications, and regular updates safeguard against fresh vulnerabilities.
By Jacob Wall|November 6th, 2020|https://www.3cx.com/blog/voip-howto/asterisk-security-breach/