{"id":87661,"date":"2026-06-23T15:10:19","date_gmt":"2026-06-23T12:10:19","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=87661"},"modified":"2026-06-23T15:10:21","modified_gmt":"2026-06-23T12:10:21","slug":"1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/","title":{"rendered":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><em><strong>Researchers uncover 1.86 million credential attempts and nearly 90,000 suspected toll-fraud calls in just 18 days<\/strong><\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Internet-facing business telephone systems are being targeted through sustained and automated attacks designed to steal credentials and generate fraudulent international calls, CloudSEK researchers have found.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During an 18-day observation period, a controlled Session Initiation Protocol, or SIP, honeypot recorded more than 15.18 million telemetry events, representing approximately 3.79 million SIP requests from 323 source IP addresses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The campaign included 1,869,521 authentication attempts against 29,433 telephone extensions and 89,465 attempted calls, indicating a coordinated attack pipeline moving from reconnaissance and password spraying to suspected financial fraud.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CloudSEK researchers recovered a live attacker dictionary containing 277,632 unique passwords and 1.49 million extension-password combinations. The plaintext password used could be determined in 96.09% of all credential attempts.&nbsp;<strong>(<\/strong><a href=\"https:\/\/m8tvbyb0.r.us-east-1.awstrack.me\/L0\/https:%2F%2Fwww.cloudsek.com%2Fblog%2Fthe-5060-siege---industrialized-attacks-against-the-sip-telephony-ecosystem\/2\/0100019ef4555c66-5febbaa6-2dc2-44de-801d-812b3ca15500-000000\/FNi6VFDLSe9oVk5Y0R0JPfleXv4=473\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><u>For More Information, Read Full Report<\/u><\/strong><\/a><strong>)<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The findings show that attackers were not relying only on weak passwords. The dictionary also contained medium- and high-complexity credentials, suggesting the use of device defaults, previously exposed passwords and attacker-curated wordlists.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>UK Numbers Dominated Suspected Toll-Fraud Activity<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Of the 89,465 attempted calls, 47,273 targeted United Kingdom numbers, primarily across a limited set of rural and Northern Ireland ranges.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The activity was consistent with International Revenue Share Fraud, in which criminals attempt to use compromised or misconfigured business phone systems to call revenue-generating numbers, leaving the victim organisation responsible for the charges.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers repeatedly dialled the same destinations using different international and outbound prefixes to identify a format permitted by the PBX. One UK number was attempted using more than 80 prefix variations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Credential Replays Point to a Wider Operation<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Researchers also identified 45,580 authentication attempts containing credentials or authentication realms harvested from other systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These included references to Asterisk, Intelbras, Grandstream and STARFACE systems, as well as external and private IP addresses associated with other PBX environments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The findings indicate that some attackers may be maintaining a broader collection of scanned or compromised phone systems and reusing harvested authentication material across multiple targets.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Attacks Originated Primarily from Hosting Infrastructure<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CloudSEK found that 99.8% of source-attributed traffic originated from datacenter or hosting ranges, while 93.5% of attacker IP addresses were already listed by third-party intelligence services as known sources of abuse.&nbsp;<strong>(<\/strong><a href=\"https:\/\/m8tvbyb0.r.us-east-1.awstrack.me\/L0\/https:%2F%2Fwww.cloudsek.com%2Fblog%2Fthe-5060-siege---industrialized-attacks-against-the-sip-telephony-ecosystem\/3\/0100019ef4555c66-5febbaa6-2dc2-44de-801d-812b3ca15500-000000\/Pp85DRO4X5U66jeTja9M68opjN8=473\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><u>For More Information, Read Full Report<\/u><\/strong><\/a><strong>)<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The campaign operated continuously throughout the day, indicating unattended automation. Attackers also spoofed legitimate device identities, including FreePBX, Cisco, Polycom and Avaya, to make malicious traffic appear genuine.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cThe activity shows that attacks against business telephone systems have evolved into an automated operation that moves from discovery and credential attacks to attempted financial exploitation,\u201d said Vikas Kundu, Threat Intelligence Researcher, CloudSEK.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cOrganisations should restrict public access to SIP services, replace default and reused credentials, monitor repeated authentication failures and limit international or premium-rate calling unless operationally required,\u201d Vikas Kundu added.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The study was conducted using a controlled honeypot that recorded attack activity but did not accept credentials or complete any calls.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers uncover 1.86 million credential attempts and nearly 90,000 suspected toll-fraud calls in just 18 days Internet-facing business telephone systems are being targeted through sustained and automated attacks designed to steal credentials and generate fraudulent international calls, CloudSEK researchers have found. During an 18-day observation period, a controlled Session Initiation Protocol, or SIP, honeypot recorded &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5851,5850],"class_list":["post-87661","post","type-post","status-publish","format-standard","hentry","category-news","tag-cloudsek","tag-phone-systems"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News<\/title>\n<meta name=\"description\" content=\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News\" \/>\n<meta property=\"og:description\" content=\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/\" \/>\n<meta property=\"og:site_name\" content=\"Gulf Tech News\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-23T12:10:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-23T12:10:21+00:00\" \/>\n<meta name=\"author\" content=\"bessan helmi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"bessan helmi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/\"},\"author\":{\"name\":\"bessan helmi\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/#\\\/schema\\\/person\\\/c033626e357b2f7e127eac0570ddc05c\"},\"headline\":\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events\",\"datePublished\":\"2026-06-23T12:10:19+00:00\",\"dateModified\":\"2026-06-23T12:10:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/\"},\"wordCount\":481,\"commentCount\":0,\"keywords\":[\"CloudSEK\",\"Phone Systems\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/\",\"url\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/\",\"name\":\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/#website\"},\"datePublished\":\"2026-06-23T12:10:19+00:00\",\"dateModified\":\"2026-06-23T12:10:21+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/#\\\/schema\\\/person\\\/c033626e357b2f7e127eac0570ddc05c\"},\"description\":\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/2026\\\/06\\\/23\\\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/\",\"name\":\"Gulf Tech News\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/#\\\/schema\\\/person\\\/c033626e357b2f7e127eac0570ddc05c\",\"name\":\"bessan helmi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g\",\"caption\":\"bessan helmi\"},\"url\":\"https:\\\/\\\/gulftech-news.com\\\/en\\\/author\\\/bessan-helmi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News","description":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/","og_locale":"en_US","og_type":"article","og_title":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News","og_description":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events","og_url":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/","og_site_name":"Gulf Tech News","article_published_time":"2026-06-23T12:10:19+00:00","article_modified_time":"2026-06-23T12:10:21+00:00","author":"bessan helmi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"bessan helmi","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/#article","isPartOf":{"@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/"},"author":{"name":"bessan helmi","@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c"},"headline":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events","datePublished":"2026-06-23T12:10:19+00:00","dateModified":"2026-06-23T12:10:21+00:00","mainEntityOfPage":{"@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/"},"wordCount":481,"commentCount":0,"keywords":["CloudSEK","Phone Systems"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/","url":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/","name":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events - Gulf Tech News","isPartOf":{"@id":"https:\/\/gulftech-news.com\/en\/#website"},"datePublished":"2026-06-23T12:10:19+00:00","dateModified":"2026-06-23T12:10:21+00:00","author":{"@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c"},"description":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events","breadcrumb":{"@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/gulftech-news.com\/en\/2026\/06\/23\/1-8-million-credential-attacks-target-business-phone-systems-as-cloudsek-records-15-million-sip-events\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/gulftech-news.com\/en\/"},{"@type":"ListItem","position":2,"name":"1.8 Million Credential Attacks Target Business Phone Systems as CloudSEK Records 15 Million SIP Events"}]},{"@type":"WebSite","@id":"https:\/\/gulftech-news.com\/en\/#website","url":"https:\/\/gulftech-news.com\/en\/","name":"Gulf Tech News","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gulftech-news.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c","name":"bessan helmi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g","caption":"bessan helmi"},"url":"https:\/\/gulftech-news.com\/en\/author\/bessan-helmi\/"}]}},"_links":{"self":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/87661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/comments?post=87661"}],"version-history":[{"count":1,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/87661\/revisions"}],"predecessor-version":[{"id":87662,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/87661\/revisions\/87662"}],"wp:attachment":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/media?parent=87661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/categories?post=87661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/tags?post=87661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}