Botnets, cloud computing power may be fueling attacks against VoIP

A spike in attacks against IP PBXs that started last fall shows no signs of abating, spawning speculation that those responsible have tapped into botnets and cloud computing resources to carry out their illegal activities.

According to separate security reports from Cisco and Sipera's Viper Lab research arm, the exploits are carried out using techniques that suggest the attackers are tapping into broad resources that make their work more effective.

The criminals are using brute force attacks to crack passwords, indicating they may be bringing cheap, easily available cloud computing power to bear, says Adam Boone, Sipera's vice president of marketing and product management. The scale of attacks at any given moment indicates that botnets might be in play, but there is no hard evidence that either they or cloud resources are involved, he says.

The most common exploit against compromised PBXs is toll fraud - using someone else's phone system to make long-distance calls. The second is forcing the PBX to call premium numbers controlled by the attackers that charge by the minute. Businesses whose PBXs have been attacked are billed. "In both types of fraud, enterprises are frequently unable to dispute the charges because they are unable to provide evidence that the charges are in error," the Sipera Viper Labs report says.

Cisco also noted the prevalence of vishing - telephone-based phishing - where callers pretend to be from banks, the government or other institutions and seek to get victims to relinquish valuable personal data such as Social Security and credit card numbers.

Cisco's report, which is about IT security in general, says, "VoIP abuse has been on the upswing and appears poised for further growth." A graph categorizing different classes of attack puts VoIP among those with potential but near to the group Cisco calls "rising stars" that includes Web exploits, money laundering and data theft Trojans.

The increase in VoIP attacks was first noted just before Halloween last year when the peak percentage of attacks against VoIP routinely rose to a high of about 30 per cent. In previous research, Sipera found that attacks directed against VoIP topped out at about 10 per cent, Boone says. Since last fall the percentage of total attacks that are directed at VoIP has continued to peak at about 30 per cent.

He offers three possible reasons for the attention VoIP is drawing. First, by and large VoIP systems are unprotected from outside attacks, he says. Second, VoIP is becoming more popular and reaching a critical mass that draws attackers. "It's common, and it gets the attention of hackers," he says. And third, there's money in it to be had easily.

Sipera has set up honeypots that are exposed to the Internet that appear to be unprotected VoIP systems. Once attackers have successfully broken in, the honeypots monitor what they try to do. They also locate the source of the attacks by country. The top three attack-launching locations are China, Russia and the U.S., followed by South Korea, Vietnam, Turkey and India, Viper Labs says.

Stories by Tim Greene
