As long as you have a device connected to the network, it is immediately at a potential risk for attack. Security is no longer an aspect only the large Enterprise with sensitive data needs to worry about - every company from small to mid-size to massive needs to concern themselves with solid security practices. Hackers can and will affect any device on your network that connects to the internet, and the more devices you have the more potential back doors are left wide open.
Part of the biggest criticism against the emerging Internet of Things is just this, with so many devices and so little security, there is a massive hole directly open to not only your things and their controls, but your entire network. But this relates directly to our VoIP solutions as well, regardless of whether you are using SIP Trunking, or a Hosted PBX provider.
IBM's Security Intelligence has put together a report of the most recent VoIP attacks, the trends evolving, methods of access and even different forms of attacks being carried out. We decided to take a really close look at just exactly what's going on.
But let’s bring that back home a bit - today, right now if your business is using VoIP or Unified Communications, it is completely possible your network is susceptible to attack. And as we have seen, VoIP attacks are actually on the rise. Since VoIP sends calls directly through the same exact path that your network uses for internet and other traffic, your VoIP connections open your network to attack and exploitation. That's right, a hacker can gain access to your network through that old IP phone down the hall. We even have new phones, like those from Mitel, that integrate directly with your smart phone - just about everything can be vulnerable.
Security is nothing to joke about, and its why even Slack has not only spawned a large number of alternatives, some with deep security concerns like Cisco's Spark, but also why Slack is readying its own Enterprise deployment with strict security. Just look at how much Slack now boasts about their security on their website, and that wasn't always the case.
So, if even your free work place chat app is locking up its doors, it would make sense for your business to do the same. Here we'll take a look at some of the popular VoIP attacks on the rise, and what you can do to help keep your network safe. Just in case you're not even sure what to look for when it comes to hacks, we put together a list of the five major signs your VoIP system is hacked to look out for.
The Protocols Under Attack
Without getting too bogged down in the technical details, it first makes sense to understand how and why an attack on your VoIP communications, or the network surrounding your VoIP solution, could even occur. VoIP operates on a number of different specific protocols - depending on your solution, provider and setup your office might employ just one of these protocols, or multiple. For our discussion, we will focus on three specific protocols: SIP, Cisco's proprietary SCCP, and the more recent H225 protocol.
According to IBM Managed Security Services information, the two most compromised protocols are SIP at over 51% of detected security events in 2016, with a specific uptick in the second half of the year, and SCCP with 48% of detected security events. H225, which is part of the H.323 Protocol Suite, managed to squeeze its way in with only a mere 1% of security events.
SIP, is still one of the most popular VoIP protocols, so it come as little surprise that SIP welcomes the largest number of attacks. SCCP, which is Cisco's Skinny Client Control Protocol, on the other hand brought in almost half of the attacks, and again isn't too surprising. SCCP is a lightweight, IP-based protocol used for communication between Cisco IP phones and the Cisco UC manager. With Cisco being one of the largest providers in this space, it’s no surprise there's a large number of solutions adopted.
SCCP attacks have actually be declining in the last year, unlike SIP attacks that noticed a large increase in the second half. Also interesting to note, almost 74% of attacks on the SCCP protocol are "pre-attack probes," which allow the attackers to gather information on potential targets by examining the network's device capabilities. So, they can peak their head in and see what kind of defenses you have, before they even start their attack.
H225, on the other hand, while still popular, fared way better in the last year - with less than 1% of the activity, it’s worth noting but not one we will focus on too heavily. However, our recommended safety practices can really be applied to any VoIP protocol, network or computer.
Popular Methods of Attack
Depending on which protocol is under attack, and the overall goal of the attacker, the chosen method of attack into your network could differ. With varying levels of hacks, different networks are exposed to different levels of threat - but all are worth protecting against equally, of course. Depending on what the attacker is attempting to accomplish, they will go about attacking in a number of different ways. Some of the most common VoIP hacking methods include:
- Malicious Calls To Take Down SIP Networks
- What are essentially DDoS - Distributed Denial of Service - attacks on your VoIP network can be used to take down your SIP protocol, and the layer on which it operates. This would essentially render your system unusable, unable to accept or make calls, and might even prevent access to any associated online portals, configuration pages or softphones and web communications.
- Just like a standard DDoS attack, this works by overwhelming your network with an insane number of requests. For SIP, this could be misconfigured SIP messages, or SIP messages with invalid characters in the "To" field - either way, these messages will overwhelm the system, unable to process all the information in time to keep up with the demand.
- Caller ID Spoofing
- With Caller ID Spoofing, hackers access your network, whether it be through your phones, router, or computer, and gather as much information as they can, like phone numbers or lines and extensions. The easiest way for them to get access would be through IP phones that are using the default password on them - since these passwords can be easily found from a quick google search.
- Once they gain access and information, users can simply spam your phones with scam calls or sell your phone number to those that spam. The FCC has been cracking down on these call centers, but the efforts are pretty futile and people will do it regardless. Or even scarier, in essence attackers can take control over your phone: they can make and receive or transfer calls, play and save recordings, or upload new firmware to infect the network the phone is connected to. If they gain personal information, hackers can call up service providers pretending to be yourself or another user and gain otherwise unauthorized access.
- Toll Fraud
- Toll Fraud is an interesting concept that can be executed in a few different ways, but the end result is generally the same: an attacker gains access to your network, or relevant VoIP account information, with which they can commit fraud. This can differ from Illegal SIP Usage, in which hackers would use programmed scripts to detect any open VoIP ports and constantly attempt to authenticate, or gain control of the system. Hackers can also connect to a VoIP network directly with any compromised SIP credentials, like weak passwords or soft phones on public, unsecured Wi-Fi networks.
- Once the attacker gains access to your network, or account information, they can order and activated a hosted PBX solution under your company's name, or place an insane number of fake calls directly from your account simply to charge your company ridiculous amounts of money, while committing some level of fraud in the process.
How To Protect Your Network
While not every network will be attacked, the chances are still fairly high as you can tell, and no matter what it’s better to have a secure network than an open one. If anything, your clients and customers will thank you for that. However, nothing is worse than a false sense of security stemming from bad practices, especially when the real. Helpful security practices are simple common sense.
- Use Strong Passwords - It may be tempting for the ease of use, but never, ever leave the default passwords on any IP phones, routers, switches, firewalls, Session Border Controllers, or anything connected to your network at all. Using default admin passwords without a doubt the easiest method for someone unauthorized to gain access to your network. Just about every single default password for any device can be found with a simple google search - go ahead, google your router name along with the phrase "default password," and it should pop up. In a similar note, weak passwords like your business name, your last name or a simple date are easy to break through with brute force or just completely guess.
- Encrypt All the Things! - Since VoIP calls are transmitted over the internet unencrypted, they can easily be intercepted and drained of all information. Encrypting your communications can more often than not be easily turned on and enabled or configured between multiple points that already exist on your network. Depending on how your network is setup and with what hardware is employed, this might come down to your specific VoIP vendor, or settings on hardware or even software Firewalls, Session Border Controllers, or sometimes on both VoIP routers and SMB routers.
- Employ a VPN - We covered this topic in depth in the past, and its worth noting again as well. A VPN, or Virtual Private Network, is one of the easiest ways to encrypt and secure the connections of your remote or off-site workers. A VPN establishes a "tunnel" through the public internet, or publically access networks your workers might be on, to filter through only secured encrypted information to and from the office network. A VPN simply allows users offsite to access the onsite network as if they were in the same building, without a massive gaping security hole available to a public network.
- Test Your Network - Depending on the size of your business, your level of expertise or availability of an IT specialist, testing your network is a great way to look for any backdoors, easy routes in or vulnerabilities. A thorough test could connect all access points, connection gateways, phone and network settings to look for any weak spots - and then of course patch them up as necessary. Adding in a fancy firewall might provide a sense of security, but without proper configuration that false sense of security could lead to an unfortunate attack down the road.
- Train Your Team - The best antivirus out there is common sense - changing passwords from defaults, only relying on secure network connections, not clicking and downloading any advertisements, or fishy looking websites are some of the best ways to ensure your computer, and overall network, are not compromised. If you are not sure of what you're clicking or downloading, simply don’t. Also, form the habit of changing passwords of all new devices added to the network. Training your team in these simple preventative measures can help keep your network safe, while not even making any further investments
Protect It Now, Thank Yourself Later
Just like a home, you never hope to have to fall back on the defenses you put in place. No one ever wants to experience a break-in, just like no company wants to experience an attack on their network. But the correct protocols should be taken to ensure your network is safe just in case there ever is an attempted break-in.
Whether you are attempting to protect user data, employee data, business operations, phone call context, or simply prevent any cases of fraud: security should be any company's number one concern when establishing a network, and even their specific VoIP solution. Beyond taking into account the tips we list above, it could be helpful to speak to your VoIP provider to see what security solutions exist, and how you can secure your own network.