IBM Data Correlates Cyberattacks with VoIP and SIP


Connected device and network security are never far from front of mind these days given the almost regular occurrence of high-profile cyber-attacks and security breaches. It’s important to keep in mind that VoIP also is vulnerable to cyberattack, as new VoIP attack data from IBM Managed Security Services published by Security Intelligence illustrates.

When it comes to attacks on VoIP communications, "Black Hat" hackers and cyber-criminals have a range of Internet protocols from which to choose. But one has emerged as a favorite: Session Initiation Protocol (SIP), Security Intelligence’s Michelle Alvarez highlights in a Nov. 30 post.

SIP accounted for over 51 percent of security event activity analyzed in the last 12 months, according to IBM Managed Security Services. VoIP SIP attacks have been rising, with a notable uptick in 2H 2016, IBM MSS points out.

VoIP attacks spiked in July and September as a result of custom-tailored SIP messages that were incorrectly terminated. Another spike took place in October.

Persistent invalid messages can cause vulnerable servers and equipment to fail, IBM MSS explains. Messages from VoIP attacks in October had invalid characters in the SIP "To" field. That’s an indication of suspicious activity that necessitates further investigation.
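A detection sketch for the two indicators described above, added here as an example and not taken from IBM MSS or Security Intelligence. It assumes "incorrectly terminated" means a header section that lacks the CRLF CRLF terminator or contains bare CR/LF, and that "invalid characters" means control bytes in the To value; the function name and sample messages are constructed.

```python
import re

# Control bytes other than HTAB, treated here as "invalid" (assumption).
CONTROL = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")

def inspect_sip(raw: bytes) -> list[str]:
    """Return findings for one raw SIP message; an empty list means clean."""
    findings = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        findings.append("headers not terminated by CRLF CRLF")
    # A CR or LF that is not part of a CRLF pair is a malformed line ending.
    if re.search(rb"\r(?!\n)|(?<!\r)\n", head):
        findings.append("bare CR or LF in header section")
    to_values = []
    for line in head.split(b"\r\n")[1:]:            # skip the start line
        if line[:1] in (b" ", b"\t"):               # folded continuation line
            continue
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() in (b"to", b"t"):  # "t" = compact form
            to_values.append(value.strip())
    if len(to_values) != 1:
        findings.append(f"expected one To header, found {len(to_values)}")
    for value in to_values:
        if CONTROL.search(value):
            findings.append("control character in To header")
    return findings

# Constructed sample messages (documentation addresses, not captured traffic).
GOOD = (
    b"OPTIONS sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK776asdhds\r\n"
    b"To: <sip:bob@example.com>\r\n"
    b"From: <sip:alice@example.com>;tag=1928301774\r\n"
    b"Call-ID: a84b4c76e66710\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"Content-Length: 0\r\n\r\n"
)
UNTERMINATED = GOOD[:-2]                             # final blank line missing
BAD_TO = GOOD.replace(b"<sip:bob@example.com>", b"<sip:bob\x00\x01@example.com>")

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("unterminated", UNTERMINATED), ("bad To", BAD_TO)):
        print(label, inspect_sip(msg))
```

Repeated findings from the same source address are the pattern worth alerting on, since a single malformed message may just be a buggy client.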

The Cisco SCCP VoIP protocol followed as the second favorite VoIP attack vector at 48 percent, though the number of occurrences waned over the past 12 months. The large majority of SCCP security events (nearly 74%) are probes that indicate a cyber-attack may be forthcoming, according to IBM MSS.

VoIP’s H225 protocol ranked a distant third among VoIP attack vectors over the period at a fraction of one percent. H225 defines signaling and the assembly of packets for media streaming.


VoIP spam is another front for cyber-attacks, Alvarez points out. Growing use of VoIP by network carriers and end users has contributed to an ongoing rise in unsolicited robocalls despite a June 2015 FCC ruling that permits telecom companies to provide robocall blocking technology to subscribers.

Nearly 1,000 robocalls (986) were placed every second in the U.S. in August, an all-time high, according to the latest YouMail robocalling trends research. What the YouMail Robocall Index deems a robocalling epidemic continues to expand, increasing 9.3% since July alone.

Hackers and cyber-criminals can also engage in VoIP caller ID spoofing at little cost or effort, thereby gathering private personal data that can be used in subsequent attacks, Alvarez continues.

As an example, she points to a February report that revealed the default configurations of some VoIP phones were insecure, allowing attackers to make, receive and transfer calls, as well as play recordings and install new firmware. Victims’ devices were also used for covert surveillance.

Alvarez also looked at what is perhaps the highest profile method for cyber-attacks: Distributed Denial of Service (DDoS).

Malicious individuals or groups can use automated IP dialers to conduct DDoS attacks that flood an organization’s telephone service with thousands of calls every minute and bring it crashing down, she explains. DDoS has even been used to prevent victims of cyber-fraud from contacting their banks after large sums of money were stolen from their accounts.