Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Confirmed: At least four IP PBXes in Norway part of the attack


The SIP attack yesterday hit several Norwegian IP addresses, where several insecure IP PBXes were located. The attacker managed to several of these ringing the Citibank number. I have confirmed from different sources that minimum four PBXes were abused the last 24 hours. These were Cisco and Asterisk PBXes, but configured insecure. There were no abuse of security holes or similar, only totally insecure configuration.

I will recommend all IP PBX owners and VoIP Service Providers to check if it is tried calling to the Citibank number (+442075005000). The attacker has tried different prefixes in front, so search for the digits “%442075005000”.

Also check my previous blog about how to secure your VoIP equipment.
[ad]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: