Last month, there were several long distance calls we caught on our phone bill to Jamaica and DR. Luckily, the charges were not outrageous. But looking in the CDR, I see lots of entries like this:
trunk_1 200014142639500 VIDEOCONFERENCE[trunk_1] 2020-02-11 19:09:09 0:00:00 0:00:00
I have since locked web access to 2 workstations, and changed the admin password. So I will check the logs tomorrow to see if these entries persist.
I’d like to figure out how these outbound calls are being made, and how the UCM was exploited in order to prevent future intrusions. I can’t find anything in the UCM referencing trunk_1. Also VIDEOCONFERENCE[trunk_1].
UCM has 184.108.40.206 version firmware.