Hackers have been exploiting a flaw in an open source PBX platform since at least 21 August; a fix is now available.
The developers of an open source private branch exchange (PBX) platform have warned of a zero-day vulnerability that is being actively exploited by malicious actors.
“The Sangoma FreePBX security team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet, and we are working on a fix, with expected deployment within the next 36 hours,” the team said in a 27 August post to the FreePBX community forum.
Thankfully, by 28 August that fix was available; however, the security team suggested that users continue to restrict access to the platform’s administrator control panel.
“Users are advised to limit access to the FreePBX Administrator by using the firewall module to limit access to only known trusted hosts,” the security team said.
However, despite the security team’s efforts, some users have reported widespread exploitation of their networks.
“We are reporting that multiple servers in our infrastructure were compromised, affecting approximately 3,000 SIP extensions and 500 trunks,” one user said.
Another noted that users “should consider everything compromised”.
“They were in your system for almost a week doing things. Whether or not they got SIP creds is lower on the list compared to how much damage they did and how many backdoors there might be.”
“As part of our incident response, we have locked all administrator access and restored our systems to a pre-attack state. However, we must emphasise the critical importance of determining the scope of the compromise.”
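The security team's advice above comes down to an allowlist: only known, trusted hosts should ever reach the administrator panel, and the compromised operator's point about "determining the scope of the compromise" means working out which untrusted hosts reached it, and when. The script below is an added example (not FreePBX project code, and not the firewall module the team refers to) that applies exactly that allowlist to web-server access logs after the fact. It assumes the web server in front of FreePBX writes Apache/nginx "combined" format logs, that the panel lives under `/admin/`, and that `203.0.113.0/24` stands in for the trusted management network; the log lines are constructed with documentation-range addresses, and the year on the 21 August start date is assumed because the advisory gives only day and month.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Added example, not FreePBX project code. Assumes Apache/nginx "combined"
# access logs and that the admin panel is served under /admin/ (adjust if not).

# Constructed sample log lines using documentation-range IPs, not real traffic.
# 203.0.113.0/24 plays the role of the trusted management network.
SAMPLE_LOG = """\
198.51.100.23 - - [19/Aug/2025:22:05:41 +0000] "GET /admin/index.php HTTP/1.1" 200 8192 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2025:09:12:01 +0000] "GET /admin/config.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Aug/2025:03:44:10 +0000] "POST /admin/ajax.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [22/Aug/2025:11:02:45 +0000] "GET /admin/index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.23 - - [22/Aug/2025:03:45:00 +0000] "GET /admin/config.php HTTP/1.1" 200 44 "-" "curl/8.4"
192.0.2.55 - - [23/Aug/2025:18:20:33 +0000] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed trusted hosts

# The year is an assumption: the advisory only gives "21 August".
ACTIVITY_START = datetime(2025, 8, 21, tzinfo=timezone.utc)

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    return {"ip": ip, "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def is_trusted(ip, nets=TRUSTED_NETS):
    """True if the source address falls inside one of the allowlisted networks."""
    return any(ip in net for net in nets)


def untrusted_admin_hits(log_text, nets=TRUSTED_NETS, since=None, admin_prefix="/admin/"):
    """Requests to the admin panel from outside the trusted networks.

    since=None keeps every hit: the first known activity date is only a lower
    bound ("since at least 21 August"), so earlier entries deserve triage too.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(admin_prefix):
            continue
        if is_trusted(rec["ip"], nets):
            continue
        if since is not None and rec["ts"] < since:
            continue
        hits.append(rec)
    return hits


def summarize(hits):
    """Per-source-IP first-seen time and request count, for the incident timeline."""
    summary = {}
    for rec in hits:
        key = str(rec["ip"])
        entry = summary.setdefault(key, {"first_seen": rec["ts"], "count": 0})
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["count"] += 1
    return summary


if __name__ == "__main__":
    for ip, info in summarize(untrusted_admin_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} admin requests, first seen {info['first_seen'].isoformat()}")
```

Run against the real access logs (including rotated ones, since a week of activity may span several files) the output is a first-seen timestamp per untrusted source, which is what the scoping question needs. Pass `since=ACTIVITY_START` to narrow to the publicly reported window, but note that the sample deliberately contains an earlier untrusted hit on 19 August: the reported date is a floor, not a start.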
Benjamin Harris, CEO of cyber security firm watchTowr, told Cyber Daily that backdoors were being widely deployed.
“We are seeing active exploitation of FreePBX in the wild with activity traced back as far as August 21 and backdoors being dropped post-compromise,” Harris said.
“While it’s early, FreePBX (and other PBX platforms) have long been a favourite hunting ground for ransomware gangs, initial access brokers and fraud groups abusing premium billing. If you use FreePBX with an endpoint module, assume compromise. Disconnect systems immediately. Delays will only increase the blast radius.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.