The Irish communications regulator, ComReg, has issued a warning to Irish businesses about PBX hacking.
Apparently Irish businesses are being targeted by hackers who are then able to abuse business phone systems to make phone calls and run up massive bills. ComReg reports that it has had over 16 cases reported to it in the last 3 months, with one company being hit for over €30 thousand!
As VoIP systems are increasingly popular in business (we use one ourselves), these kinds of attacks will probably increase, as the hackers are able to exploit the remote access ports:
The problem is that business phones, often known as PBXs, have features on them which may allow unauthorised third parties to dial into the system and place calls through the system without the knowledge of the system's owner. Also, in many cases businesses use external parties to maintain their phone systems, which means that external access to a PBX is required. PBXs have maintenance ports to enable these maintenance companies to dial in to the phones to diagnose problems. Unfortunately these access ports are often left open and have either weak or default passwords which are known by and easily exploited by hackers.
What can you do?
Change any weak or default passwords, including those on the maintenance ports, and make sure that you don't have features enabled that you don't need. Disabling access to premium rate numbers might also help.
Thanks to IRISS who alerted us to this.