It's not just Asterisk either. There are holes in every PBX and softswitch. There is long distance fraud, especially in International calling. You should be checking your CDR's at least daily - or run a script to pick up anomalies."In the last few months, a number of new tools have made it easy for knuckle-draggers to attack and defraud SIP endpoints, Asterisk-based systems included. There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions, and then scan valid extensions looking for passwords. You can take steps, NOW, to eliminate many of these problems."
Security in entirety will become extremely important this year. New tools; a tanking world economy; criminals will be looking for every lever to make money or get something free. So will disgruntled employees, so network admins need to be on top of any changes in human resources.