2022-07-18

Elastix VoIP systems targeted by massive malware campaign

By Sead Fadilpašić
TechRadar

A number of different threat actors have attacked VoIP telephony servers belonging to Elastix with more than 500,000 different malware samples between December 2021 and March 2022, researchers have claimed.

Elastix is a unified communications server software, bringing together IP PBX, email, IM, faxing and collaboration tools.

The researchers are speculating the attackers exploited CVE-2021-45461, a high-severity (9.8) vulnerability that allows for remote code execution. Their goal was to set up a PHP web shell that would allow them to run arbitrary code on the compromised endpoints.

Blending into the environment

Experts from Palo Alto Networks’ Unit 42 who first spotted the campaign said two separate attack groups, using different methods to exploit the flaws, tried to deploy a miniature shell script, which installs a PHP backdoor and gives the attackers root access.

"This dropper also tries to blend into the existing environment by spoofing the timestamp of the installed PHP backdoor file to that of a known file already on the system," the researchers noted.
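The timestamp spoofing described above leaves a trace a defender can look for. This is an added example, not code from the article or from Unit 42: on Linux, utime()/`touch -r` rewrites a file's atime and mtime, but the kernel sets the inode change time (ctime) to the moment of the change, so a freshly planted file that copied an old mtime shows a ctime far ahead of its mtime. The webroot, file names and the placeholder PHP content are constructed for the demo.

```python
# Added example (not the article's or Unit 42's code): flag back-dated web
# files by comparing mtime with ctime.  Assumes Linux semantics: utime() or
# `touch -r` rewrites atime/mtime, while the kernel sets ctime to "now".
import os
import tempfile
import time
from pathlib import Path

DAY = 86400


def find_timestomped(root, suffixes=(".php",), min_gap=DAY):
    """Return [(name, gap_seconds)] for files whose ctime leads mtime by >= min_gap."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        st = path.stat()
        gap = st.st_ctime - st.st_mtime
        if gap >= min_gap:
            hits.append((path.name, gap))
    return hits


def build_sample_webroot():
    """Constructed fixture mimicking the dropper's trick; returns the temp dir."""
    root = tempfile.mkdtemp(prefix="timestomp-demo-")
    # Reference file with a year-old mtime.  Its ctime is "now" here because we
    # just created it, so it sits outside the scanned suffixes; on a real host
    # it would carry an old ctime from the original install and not be flagged.
    reference = Path(root, "elastix.conf")
    reference.write_text("# reference config\n")
    year_ago = time.time() - 365 * DAY
    os.utime(reference, (year_ago, year_ago))
    # Planted file that copies the reference mtime exactly, as `touch -r` does.
    backdoor = Path(root, "admin", "cache.php")
    backdoor.parent.mkdir()
    backdoor.write_text("<?php /* constructed placeholder, no real payload */ ?>\n")
    ref = reference.stat()
    os.utime(backdoor, ns=(ref.st_atime_ns, ref.st_mtime_ns))
    # Legitimately just-edited file: mtime and ctime agree, so it is not flagged.
    Path(root, "index.php").write_text("<?php echo 'ok'; ?>\n")
    return root


if __name__ == "__main__":
    for name, gap in find_timestomped(build_sample_webroot()):
        print(f"{name}: mtime sits {gap / DAY:.0f} days before ctime")
```

Run it against a real webroot with `find_timestomped("/var/www")` and review each hit by hand; a large mtime/ctime gap is a lead, not proof, since package upgrades and backups can also produce one.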

The IP addresses of the groups are in the Netherlands, it was further explained, but DNS data points to Russian adult sites. The payload delivery infrastructure is only partially active, at the moment.

The campaign is still ongoing, the researchers concluded.

Depending on the campaign goal, enterprise servers are sometimes a higher-value target than computers, laptops, or other company endpoints. Servers are usually more powerful devices, and could be used, for example, as part of a potent botnet delivering thousands of requests per second.

Servers can also be used to deploy cryptomining software, earning valuable cryptocurrencies for their attackers. And finally, if the servers are shared (for example, in a cloud environment), a potential data breach could compromise multiple companies at once, and all of their customers, combined.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
