VoIP Honeypot Report 2

VoIP PBX Honeypot Data Jan 1 2020 to March 20 2020

Overview

Telium operates numerous VoIP PBXs (running either FreePBX, Issabel, Asterisk, or Telium PBX simulators) on public IPs to collect VoIP hacking and fraud data (as part of Telium’s VoIP security service). In addition to gathering VoIP hacker and fraud data, these “honeypots” help gauge the number and nature of attacks an administrator can expect against their own PBX.

While these VoIP honeypots collect a large amount of security-related data, this report focuses only on the number of attacks from January 1, 2020 to March 22, 2020. The report defines an attack as an attempt to gain access to PBX resources without authorization, using a variety of recognized attack vectors. This includes not only attempts to dial/register without credentials, but also malformed SIP packets, use of known SIP exploits, GUI exploits, attempted management interface connections, etc.

Number Of Attacks Per Day

The graph to the right shows the number of attacks against the PBXs per day from January 1, 2020 to March 22, 2020. A significant increase in attack rate is apparent starting in early March 2020.

Geographic Sources

The chart on the left shows the source of attacks by country. The darker the red color, the greater the total number of attacks during the reported period. In order for a country to register on the chart, its total number of attacks must cross a minimum threshold value.
Note that the accuracy of the geographic source data is negatively affected by some attacks known to come through anonymous proxies or VPN services, or to be cloud-hosted attacks routed through other countries.