【Information Security Alert】Strengthen control mechanisms for VoIP equipment to prevent its use in fraudulent activities due to insecure configurations

publish date : 2024-10-22 update date : 2024-10-22

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2024102101100303
Publication Time: 2024/10/21 13:30
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2024/10/19 13:30
Impact Level: Low
[Subject]
【Information Security Alert】Strengthen control mechanisms for VoIP equipment to prevent its use in fraudulent activities due to insecure configurations
[Content]
Forwarded from the National Institute of Cyber Security NISAC-400-202410-00000030

The Information Security Institute received external intelligence indicating that recent incidents have exposed weaknesses in VoIP exchanges: when such equipment is reachable from public networks and protected only by weak passwords, it can be hijacked by criminal groups for malicious use, such as unauthorized calling and fraudulent activities.
(1) If remote login (Telnet) is enabled by default on networking equipment and the equipment is exposed to the internet without firewall protection, it becomes highly susceptible to hacker attacks.
(2) If login credentials are brute-forced, the equipment's settings could be altered to facilitate fraudulent activities.

All members are advised to follow the recommended actions to strengthen the inspection and control of VoIP-related equipment. Remote management operations should adhere to the principle of "default deny, allow by exception", and network architecture planning should ensure that equipment is not exposed to public networks.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
None
[Recommended Actions]
Inspect whether VoIP-related equipment is in use within your jurisdiction, and implement the following security control measures:

1. Conduct an account audit, enforcing password complexity, regular password changes, and other password security controls.
2. Disable unnecessary services and communication ports.
3. Disable or tighten control over remote management features, adhering to the principle of "default deny, allow by exception."
4. Review network architecture to ensure networking equipment is properly placed behind a firewall.
5. Update system software to the latest version, and replace equipment that has reached the end of its lifecycle.
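
One way to run the inspection described in actions 2 to 4 over an exported equipment inventory. This is an added example, not part of the original alert; the record fields (`services`, `mgmt_default`, `mgmt_allow`), the device names and the choice of RFC 1918 ranges as "internal" are assumptions, and the inventory is constructed sample data.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for this site's internal networks.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory (hypothetical devices and field names).
DEVICES = [
    {"name": "pbx-01", "address": "203.0.113.10",
     "services": {"telnet", "sip", "https"},
     "mgmt_default": "allow", "mgmt_allow": []},
    {"name": "gw-02", "address": "10.20.0.5",
     "services": {"sip", "ssh"},
     "mgmt_default": "deny", "mgmt_allow": ["10.20.9.0/28", "0.0.0.0/0"]},
    {"name": "pbx-03", "address": "10.20.0.6",
     "services": {"sip", "https"},
     "mgmt_default": "deny", "mgmt_allow": ["10.20.9.0/28"]},
]

def is_internal(cidr):
    """True if the IPv4 address or network lies wholly inside an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in INTERNAL)

def audit_device(dev):
    """Return the findings for one device; an empty list means it passes."""
    findings = []
    if "telnet" in dev["services"]:            # action 2: unnecessary service
        findings.append("telnet enabled")
    if not is_internal(dev["address"]):        # action 4: not behind a firewall
        findings.append("public address")
    if dev["mgmt_default"] != "deny":          # action 3: default deny
        findings.append("management not default-deny")
    # Action 3: every exception must be a narrow internal source range.
    findings += [f"exception {c} admits public sources"
                 for c in dev["mgmt_allow"] if not is_internal(c)]
    return findings

def audit(devices):
    """Map device name to findings, listing only devices that fail."""
    results = {d["name"]: audit_device(d) for d in devices}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(DEVICES).items():
        print(f"{name}: " + "; ".join(findings))
```

The `gw-02` record shows the case a default-deny check alone misses: the policy is "deny", but one exception is wide enough to admit any source.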
[Reference]
0
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center