Story image

VoIP vulnerable to cyber attacks

16 Jul 15

New research out of the UK has revealed VoIP infrastructure has become more susceptible to cyber attacks.

The research, performed by security consultancy firm Nettitude, says VoIP infrastructure is vulnerable due to the proliferation of both its use and the tools that can used for malicious purposes. 

“The driving factor for the success of VoIP is cost reduction, both for users and providers,” Nettitude observes in its report of the findings. “But VoIP doesn’t only bring reduced costs, it also brings threats and vulnerabilities unprecedented to the telephone industry.”

According to the report, Nettitude observed a large number of VoIP attacks against servers during the first quarter of 2015. 

VoIP infrastructure is subject to most of the well-known attacks against network infrastructures. However, there are some specific attack vectors that make this a potentially attractive attack surface, the report surmises, including social threats, eavesdropping, interception and modification, service abuse, intentional interruption of service, and other interruptions such as loss of power. 

The Nettitude report says there are various ways in which VoIP traffic and systems can be targeted. 

“VoIP attacks, just like any other attacks against network infrastructure, would have different impacts on the business depending on the service that were being targeted,” the report explains. 

Nettitude found attackers were very active out of office hours, with analysis revealing 88% of attacks occurred during downtime. 

“It is a fact that many companies cannot afford security analysts for 24/7 services. The need of dedicated services is then required to ensure that appropriate responses and actions are taken when attacks are identified.”

Nettitude says a well thought out strategy should be in place for ensuring that VoIP services are not disrupted.

“Statistics show that attackers operate when IT staff are likely to be away from their services,” the report explains. “It is therefore important to have 24/7 monitoring system that will allow attacks to be detected and mitigated in real time.”

Further to an efficient monitoring system, Nettitude has gathered and continues to gather intelligence about VoIP malicious users, their respective tools and techniques. “Such intelligence will be invaluable in protecting against know offenders and their techniques, whilst putting in place mitigation strategies for unknown factors,” Nettitude explains.

“Before applying any security, understanding the VoIP environment is paramount. This will help to understand the nature of the environment and its specific threats.”

Chayora announces a strategic partnership with Sinnet Technology
Chayora, a Hong Kong-based data center infrastructure company, announced that it has entered into a strategic partnership with Beijing Sinnet Technology.
Commvault fully integrates backup with Cisco Hyperflex
Its IntelliSnap technology has been validated to work with Cisco HyperFlex hyper-converged systems without the need for third-party tools.
Huawei continues 5G trials despite ongoing concern
Huawei completed the 5G NR test at 2.6GHz spectrum in the 5G trial organised by the IMT-2020 (5G) Promotion Group. 
Experts comment on record 772mil-user data breach
Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.
Top risk facing organisations? Why, it’s an IT talent famine
For some time there has been talk about how the IT industry is crying out for new talent and skills, which a lot of people have glossed over. But now Gartner says it is a harsh reality.
HPE invests in services with new A/NZ execs 
With IT services spend growing in Australia and New Zealand, HPE is appointing execs for software and technology services in the South Pacific.
Inspur’s server delivery to Baidu claims new record
After an urgent request, Inspur delivered a shipment of rack scale servers of more than 10,000 nodes to a Baidu data centre - equating to one server delivered every 2.88 seconds.
LISA Double Access fibre management system to launch at Cisco Live
“In a data centre, the protection of the fibre is key, which is exactly what the LISA Double Access offers customers.”