IT Company will reduce threats from hackers using VoIP systems.
Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers.
Companies of all shapes and sizes use them to unify their communications, and it is especially attractive because they can be used with the Digium phones module for FreePBX.
So far, the team has collected more than half a million malicious code samples over a three-month period. An analysis of those code samples reveals that the attackers exploit a remote code execution vulnerability. It is being tracked as CVE-2021-4561 and carries a severity rating of 9.8 out of ten.
Security researchers report that hackers have been exploiting this flaw since December 2021.
IT Companies can solve the hacker issue and protect your systems.
Based on the code samples collected, the Unit 42 team believes that the attackers' goal was to plant PHP web shells on successfully penetrated systems. That would allow them to execute arbitrary commands on the compromised servers.
Another security firm, Check Point, confirms Unit 42's findings, and both teams stress that the campaign is still ongoing. Worse, it appears that there are two different groups involved in the attack. Although it is not currently known whether they are coordinating their efforts or if that fact is coincidental. Perhaps it is a case of one following the other so as not to miss out on an opportunity.
The attackers behind the campaign are both clever and technically savvy. They've built in some good anti-detection strategies into the attack, such as masking the name of the back door so that the file name resembles that of a known file already on the system. It would take a sharp pair of eyes indeed to spot it.
If you use Elastix VoIP, be sure your IT company in Woodstock is aware of this threat.