Fraudsters take over your PBX

Over the past 2 days Durham Police Cyber Team have been made aware of 6 businesses across the region who have had the business PBX telephone exchanges exploited, some of the bills they face run into thousands of pounds. Some of the lines are hosted by a 3rd party and some are owned by the business themselves.

The attacker has hacked into the systems and then made calls through the telephone system to international premium rate numbers.

This has occurred towards the end of 2015 when businesses have been closed for a weekend and also over the Christmas period.
This article from 2014 explains it more.

http://www.actionfraud.police.uk/fraudsters-hacking-into-phone-lines-and-making-premium-rate-calls-costing-organisations-millions-jul14

In the majority of cases firms have not changed the default passwords/PIN on the equipment they have been provided with. Changing the password is a very easy way to help prevent it.

As you can see in the article there are easy ways to help prevent this kind of fraud.
  • Use strong pin/passwords for your voicemail system, ensuring they are changed regularly.
  • If you still have your voicemail on a default pin/password change it immediately.
  • Disable access to your voice mail system from outside lines. If this is business critical ensure the access is restricted to essential users and they regularly update their pin/passwords
  • If you do not need to call international numbers/premium rate numbers, ask your telecoms provider to place a restriction on your telephone line.
  • Consider asking your network provider to not permit outbound calls at certain times e.g. when your business is closed
  • Ensure you regularly review available call logging and call reporting options.
  • Regularly monitor for increased or suspect call traffic.
  • Secure your exchange and communications system, use a strong PBX firewall and if you don’t need the function, close it down!
  • Speak to your maintenance provider to understand the threats and ask them to correct any identified security defect.

DC Jonathan Stoker
Durham Constabulary
Cyber Investigation.

This fraud was posted on the North Regional Node of the CiSP, businesses can get the latest information about threats and how to mitigate against them on there.  Find out how to join the CiSP by  contacting the CiSP champion Dave Lloyd of Signacure Resilience at DaveL@signacure.co.uk or DS Martin Wilson at martin.wilson@durham.pnn.police.uk.