Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

This mysterious hacking campaign snooped on a popular form of VoiP software

October 5, 2019
in Internet Security
This mysterious hacking campaign snooped on a popular form of VoiP software
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

How voice is becoming more controversial
Tonya Hall speaks with Preston So, director of research and innovation at Acquia, to discuss how voice is now moving from just recognizing words to understanding intent.

A hacking campaign is targeting one of the world’s most popular services for making voice over IP phone calls, allowing the attacker to snoop on who people are calling and when they’re calling them, listen to recordings of conversations and send out spoof calls which look like they come from legitimate number of the compromised user.

You might also like

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

Cybercrime groups are selling their hacking skills. Some countries are buying

Why would you ever trust Amazon’s Alexa after this?

The attack has been detailed during a presentation by Check Point researchers at the Virus Bulletin 2019 conference in London.

Security researchers have traced the initial attacks back to between February and July 2018 when an attacker was performing scans on over 600 companies across the world which use Asterisk FreePBX – a popular form of open source VoiP software.

The attacker then went quiet for months before re-emerging this year, targeting a US based server owned by an engineering company which provides services to the oil, gas and chemical industries.

That Asterisk server was then targeted with a custom-built PHP web shell exploiting a known vulnerabilities, allowing the attacker to remotely control the server as if they were using the keyboard and mouse connected to the system.

This kind of attack is often used to help deploy cryptomining malware, but this campaign was something more sophisticated – the attacker used commands to extract and read the contents of call files, allowing them to examine the histories of calls made by the user of the Asterisk system.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

Stealing this metadata can provide the attacker with a lot of information and indicates the attacker knows what they’re doing.

“Using this web shell they can navigate through directories and execute commands they can download and upload directories and read files, reading the call files stored in the local server,” Oded Awaskar, security researcher at Check Point Software told ZDNet.

“And there can be recordings of calls if the admin has set the recording feature on, which most do for auditing. That means the attacker can pull the recordings to his server and listen to what was said. They gain complete control of the server,” he added.

Snooping on that metadata could potentially be used for the purposes of espionage, but the attacker can also use Asterisk to spoof calls to look as if they come from the compromised Asterisk user.

The attacker covered their tracks, so it wasn’t possible to identity who they called from the compromised system or why.

Check Point told ZDNet the research has been disclosed to Asterisk and that the vulnerability which enables the attack to take place was patched before the attack was first spotted. Researchers recommend that users apply patches to software, operating systems and servers to keep systems as secure as possible.

ZDNet contacted Asterisk for comment, but hadn’t received a response at the time of publication.

READ MORE ON CYBER CRIME

 

 

Credit: Zdnet

Previous Post

BitMax.io‘s Follow-up Statement Regarding Delisting Decision of DeepCloud AI

Next Post

Why Do Smart People Say Dumb Things About AI?

Related Posts

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers
Internet Security

Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

February 27, 2021
Oxford University lab with COVID-19 research links targeted by hackers
Internet Security

Oxford University lab with COVID-19 research links targeted by hackers

February 27, 2021
Next Post
Why Do Smart People Say Dumb Things About AI?

Why Do Smart People Say Dumb Things About AI?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Machine Learning as a Service (MLaaS) Market 2020 Emerging Trend and Advancement Outlook 2025
Machine Learning

Key Company Profile, Production Revenue, Product Picture and Specifications 2025

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
New AI Machine Learning Reduces Mental Health Misdiagnosis
Machine Learning

Machine Learning May Reduce Mental Health Misdiagnosis

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
AI & ML Are Not Same. Here's Why – Analytics India Magazine
Machine Learning

AI & ML Are Not Same. Here's Why – Analytics India Magazine

February 27, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit February 28, 2021
  • Key Company Profile, Production Revenue, Product Picture and Specifications 2025 February 28, 2021
  • Cybercrime groups are selling their hacking skills. Some countries are buying February 28, 2021
  • Machine Learning May Reduce Mental Health Misdiagnosis February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates