As per the Intelligence Note Prepared by the Internet Crime Complaint Center (IC3), The FBI has received information concerning a new technique used to conduct vishing attacks. The latest attacks were conducted by hackers exploiting security vulnerability in Asterisk software. Asterisk is free and popular software for integrating PBXii systems with Voice over Internet Protocol (VoIP) and offering Digital Internet voice calling services. The vulnerability can be exploited by Cyber criminals to use the system as an auto dialer, generating thousands of vishing Telephone calls to consumers within one hour.
John Todd, the company’s Asterisk open-source community director, believes that it was probably the March bug, which FBI is referring to in its advisory, On March 18, 2008 researchers at Mu Security reported a bug that could allow an attacker to take control of an Asterisk system, by taking over the account of one individual. In a recent interview with PC world, Todd indicates that the attack described by the FBI would be extremely hard to pull off.
About Vishing attack
Vishing is the illegal practice of using social engineering over the telephone system, most often using features facilitated by voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing and hence the word “VISHING”.
Vishing exploits the public’s trust in landline telephone services, which have traditionally been terminated in physical locations and were known to the telephone company, and associated with a bill-payer.
Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals, advance vishing attacks can however be used for corporate espionage.
You may also like this
- No Related Post
See the article here:
FBI fishing on Asterisk IP PBX vishing
0 comments:
Post a Comment