How secure is your company's VoIP system? Do you ever give a second thought to whether or not your IP-based communications are being monitored or mined for confidential information by cyber criminals, or what your company would do if their VoIP services were halted by an act of cyber crime? It does happen!
Since the invent of internet-based telephony, the communications landscape in the modern business has changed. Increasing numbers of businesses are electing to make use of VoIP systems as their primary mode of communication, thanks in part to the reduction in costs associated with IP telephony and its ability to integrate seamlessly with IT systems. But these systems, despite having a lot of benefits, are not invulnerable, and could fall prey to a variety of threats if left unprotected.
Defend Your Voice System From These Common Threats
Malware and Viruses
Probably the most well-known of threats, malware or virus attacks can cripple your VoIP network. Malware can mimic genuine software, and when downloaded by a user may leak VoIP credentials or open a remote backdoor on the target.
Caller ID Spoofing
Caller identity is a convenience in the workplace, allowing users to identify a caller's information. It's service provided for a fee by your service provider, allowing users access to details such as call duration, time and caller information. Spoofing websites can be used to make spoofed calls to a network, pretending to be a trusted caller (such as a bank) and to subsequently request confidential information, causing a data breach.
Registration Hijacking
When a user agent (IP phone) plugs into a VoIP network for the first time, it attempts to connect to the server for registration purposes, after which it's available for use. Registration hijacking occurs when an attacker impersonates the user agent and attempts to connect to the server and become a part of the network. If successful, the calls that would have been directed to the user agent are directed to the attacker.
Vishing
Voice phishing, known as vishing, is a socially engineered attack designed to trick a prospective victim into divulging sensitive or personal information. Information stolen often includes credit card details, and information needed for identity theft.
Call Interception
A commonly encountered issue, call interception occurs because data passing through VoIP gateways isn't encrypted by default, allowing malicious entities to hijack the signal and listen in to calls. This type of attack occurs more frequently on unsecured wireless networks, which is why proper network security is essential.
Data Exfiltration
Attackers can utilise RTP sessions to exfiltrate data, using a VoIP trojan that sends out data from the host system as an RTP stream. VoIP packets are susceptible because unlike data packets in other formats, they are very difficult to scan for hidden content or data without causing a delay in the entire data stream.
Denial of Service Attacks
Also known as a DoS attacks, these malicious activities flood the network with large amounts of data, and subsequently interrupt services and stifle functionality.
Spam over Internet Telephony
Sometimes called SPIT, these attacks involve the mass sending of automatically dialed pre-recorded phone calls using VoIP.
Gaining maximum value and productivity from your VoIP solution involves ensuring you're protecting your system. It's important to monitor it constantly and stay informed of potential threats by reading reports and whitepapers on developments in this area.
Remember, an effective system is a protected one, so make sure to take care of yours!
