New NCSC Guidance Aimed at Securing PBX Systems From Cyber Threats

• Written by Shipra Sanganeria Cybersecurity & Tech Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

The National Cyber Security Centre (NCSC) of the UK issued guidance to protect Private Branch Exchange (PBX) systems against potential cyber threats. The increasing integration of traditional PBX with the internet has made the system vulnerable to cyberattacks.

PBX is an internet-connected private telephone network, used to route and manage incoming and outgoing calls. The system comprises business-friendly support services, like call forwarding, diverting, voicemail, and conference calling.

According to the advisory, if the PBX systems are not configured correctly, they can expose an organization to various types of fraudulent activities and cyberattacks.

Some of the ways in which the PBX system can be weaponized include, committing ‘dial-through fraud’, where cybercriminals route calls to premium overseas numbers or set up scam lines that charge a premium rate. When compromised, the system allows a threat actor to carry out denial-of-service (DoS) attacks against any enterprise, NCSC says.

To help organizations fortify their cyber defenses, the NCSC released new risk mitigation measures in a recently published advisory.

Regardless of the type of PBX system used, whether internally managed or cloud-based, organizations can boost their system security. Employees can be trained to use stronger passwords and protect administrative accounts by setting up multi-factor authentication (MFA).

Additionally, organizations, as PBX owners are advised to thoroughly review the contract with PBX providers, so as to mitigate financial risks arising from cyber threats.

‘’For example, you may decide that you need to limit the types of calls staff make, or restrict the ability to forward calls to an off-premise number. If you’re using a managed service, then attacks as a result of misconfiguration are the responsibility of the provider, something to keep in mind if you’re pressured into taking out insurance to defend against attacks that should be covered by your managed service provider,’’ the advisory outlined .

In conclusion, NCSC advised that in case of any suspected PBX compromise, enterprises should immediately contact their PBX providers and financial institutions. They should also report the incident to relevant authorities like Action Fraud (UK) or local law enforcement agencies.

PSI Software SE and Fulton County Confirms Ransomware Attack

• Written by Shipra Sanganeria Cybersecurity & Tech Writer
• Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Germany-based critical infrastructure software provider, PSI Software SE, confirmed a cyber incident to be a ransomware attack in a recent announcement on February 15.

Operating at a global level, PSI Software provides software products and customized solutions to organizations in the logistics, energy, and manufacturing sectors.

In an announcement last week, the company revealed that a cyberattack had impacted its internal infrastructure, forcing it to disconnect several of its internal systems, including mail system ‘’to prevent data breaches and data corruption.’’

Without disclosing any details about the threat actor, the company in a Monday update (February 19), confirmed the incident to be a ransomware attack. ‘’We are currently analyzing the exact vector of the attack,’’ PSI stated.

‘’There are at present no indications that PSI systems at customer sites have been compromised. According to current knowledge, there was no access to remote connections for the maintenance of customer systems,’’ the update revealed.

The company says that since February 16, it’s been working with the relevant authorities and experts recommended by the Federal Office for Information Security. Furthermore, it has deployed several remediation measures to prevent any further damage.

At the time of writing, except the cyber incident update page, the remaining website continues to be offline.

In a separate incident, on February 14, Fulton County, Georgia (US) officials confirmed the January cyber incident to be a ransomware attack.

The financially motivated attack left the county’s critical government operations paralyzed, including essential phone lines, water department, property tax and justice system.

“While our investigation remains ongoing, we do have evidence that suggests this was the result of a ransomware incident caused by financially motivated actors,” Fulton County computer systems Commission Chairman Robb Pitts said.

The county officials ongoing investigation is yet to reveal if any employees or county residents’ sensitive information has been compromised. Nevertheless, the county reassured that in case of a data breach, impacted individuals would be notified and provided relevant data protection resources.