Sangoma Ransomware
-
@scottalanmiller said in Sangoma Ransomware:
FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Yeah this is unlikely, I agree with you.
Had the attackers managed to get credentials to log in to their GIT system and make changes, I'm sure someone would have noticed directly, or due to alerts. They are a software company, so I'm also sure they have approvals, etc. and all that set up, and it's also unlikely the attackers managed to get all credentials needed to bypass and cover up any source code alterations. Then at the same time, manage to bypass 2FA/MFA or even manage to disable it via some admin credentials. Then also, since it's open source, go unnoticed to the large public community skimming the source code for changes. I doubt they have AD, which makes a compromised AD joined device your golden ticket into the entire domain as domain admin. And it is also likely this was solely a ransomware attack.
-
The concern is not the open source. The concern is closed source.
-
@Obsolesce said in Sangoma Ransomware:
I doubt they have AD, which makes a compromised AD joined device your golden ticket into the entire domain as domain admin. And it is also likely this was solely a ransomware attack.
Oh I bet that they are. Just the nature of being a hardware design and manufacturing firm.
-
@JaredBusch said in Sangoma Ransomware:
The concern is not the open source. The concern is closed source.
Very true. Definitely any closed source from them is very suspect now as there's two risks...
- Attacks now know of security holes that weren't public simply by getting "read access" to the code.
- Compromised are injected because there's no community or repo protection against changes.
-
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
-
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
No, because that is why they bought
FreePBXSchmoozecom and Digium.Sangoma has existed for decades as a hardware company, but that hardware revenue went south years ago.
-
@scottalanmiller said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
The concern is not the open source. The concern is closed source.
Very true. Definitely any closed source from them is very suspect now as there's two risks...
- Attacks now know of security holes that weren't public simply by getting "read access" to the code.
- Compromised are injected because there's no community or repo protection against changes.
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
I don't use them, so not sure about the true nature of that threat though.
-
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
-
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
-
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
Oh also the SSH keys for remoting in to systems. I would say no issue there, but of course stupid people are stupid and I am sure a lot of people have them enabled needlessly.
-
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
Oh also the SSH keys for remoting in to systems. I would say no issue there, but of course stupid people are stupid and I am sure a lot of people have them enabled needlessly.
Okay yeah, I seen SSL mentioned in the one first post, and SSH further down. But not being familiar with the products I didn't know anything beyond that. Perhaps the SSL one was a typo.
-
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
-
@scottalanmiller said in Sangoma Ransomware:
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
No, they have said the new software sales far eclipsed their recent hardware sales
-
@JaredBusch said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
No, they have said the new software sales far eclipsed their recent hardware sales
Eclipsed, but I assume that they original business is still functional. If FreePBX is all they have, that's rough.
-
-
-
Updated official statement.
https://www.sangoma.com/press-releases/sangoma-technologies-provides-update-regarding-data-breach/ -
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
-
@JaredBusch said in Sangoma Ransomware:
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
-
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
No, facts, not speculation.
Did shit happen? Of course. No one is denying it.
Does a ransomware of an exec/upper management mean an entire ecosystem is suddenly invalid? No. That is not how anything works.
It does mean that things need to be considered, risks weighed, and actual intelligent thought made.
