Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Confirmed: At least four IP PBXes in Norway part of the attack

The SIP attack yesterday hit several Norwegian IP addresses, where several insecure IP PBXes were located. The attacker managed to several of these ringing the Citibank number. I have confirmed from different sources that minimum four PBXes were abused the last 24 hours. These were Cisco and Asterisk PBXes, but configured insecure. There were no abuse of security holes or similar, only totally insecure configuration.

I will recommend all IP PBX owners and VoIP Service Providers to check if it is tried calling to the Citibank number (+442075005000). The attacker has tried different prefixes in front, so search for the digits “%442075005000”.

Also check my previous blog about how to secure your VoIP equipment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: