A new report by IBM’s Security Intelligence team shows there has been an increase in VOIP cyber attacks in 2016, with a significant increase in the second half of the year.
The majority of VOIP cyber attacks in the past month (51.47%) are on VOIP systems that operate on the Session Initiation Protocol (SIP), one of the most common VOIP protocols in use. 48.39% of attacks affected Cisco’s Skinny Client Control Protocol (SCCP), the protocol used for communications between Cisco VoIP phones and the Cisco Unified Communications Manager.
According to the report, “Spikes in July and September were mostly the result of specially crafted SIP messages that were terminated incorrectly. Persistent, invalid messages are known to cause vulnerable servers and equipment to fail.”
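The quoted passage does not say exactly how those messages were malformed. The following is an added example, not code from the IBM report: it assumes “terminated incorrectly” covers framing defects such as bad line endings, a missing empty line after the headers, or a Content-Length that disagrees with the body, and shows checks a SIP proxy or monitoring script could apply to each UDP datagram before parsing it. The function name and sample messages are constructed for illustration.

```python
# Added example (not IBM's code): framing checks for one SIP message received
# as a UDP datagram, following RFC 3261 message syntax. Names are hypothetical.

def sip_framing_issues(raw: bytes) -> list:
    """Return the framing problems found in a single SIP message."""
    issues = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        issues.append("headers not terminated by an empty CRLF line")
    # After removing valid CRLF pairs, any leftover CR or LF is a bad line ending.
    leftover = head.replace(b"\r\n", b"")
    if b"\r" in leftover or b"\n" in leftover:
        issues.append("bare CR or LF used as a line ending")
    if b"\x00" in head:
        issues.append("NUL byte inside the header section")
    declared = set()
    for line in head.split(b"\r\n")[1:]:            # skip the start line
        if not line or line[:1] in (b" ", b"\t"):   # empty or folded line
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            issues.append("header line without a colon")
        elif name.strip().lower() in (b"content-length", b"l"):  # "l" = compact form
            declared.add(value.strip())
    if len(declared) > 1:
        issues.append("conflicting Content-Length headers")
    elif declared:
        value = declared.pop()
        if not value.isdigit():
            issues.append("Content-Length is not a non-negative integer")
        elif sep and len(body) < int(value):
            issues.append("body shorter than Content-Length")
        elif sep and len(body) > int(value):
            issues.append("trailing bytes after the declared body")
    return issues

# Constructed sample messages (not captured traffic).
GOOD = (b"OPTIONS sip:pbx.example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
        b"CSeq: 1 OPTIONS\r\n"
        b"Content-Length: 0\r\n\r\n")
BAD_NO_END = GOOD[:-2]                       # final empty line missing
BAD_LF_ONLY = GOOD.replace(b"\r\n", b"\n")   # LF-only line endings
BAD_LENGTH = GOOD.replace(b"Content-Length: 0", b"Content-Length: 512")

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("no-end", BAD_NO_END), ("lf-only", BAD_LF_ONLY), ("length", BAD_LENGTH)):
        print(label, sip_framing_issues(msg))
```

A non-empty result is a reason to drop and log the datagram rather than hand it to the SIP stack; a steady stream of such rejections from one source matches the “persistent, invalid messages” pattern the report describes.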
The majority of attacks (74%) on Cisco’s SCCP were pre-attack probes to gather intelligence on potential targets and to assess capabilities. IBM noticed SCCP attacks have declined slightly this year, although SIP VOIP cyber attacks have increased in 2016.
Successful attacks allow cybercriminals to intercept VOIP calls for surveillance purposes. The information gathered can then be used to conduct convincing scams on targets. Attackers are also able to conduct attacks and receive and transfer calls, upload new firmware, or play recordings.
If VOIP services are hijacked, the attackers can make free calls, which will be charged to the target’s bill. VOIP systems can also be subjected to Distributed Denial of Service (DDoS) attacks by flooding the system with huge numbers of automated calls.
IBM warns that if VOIP devices are not secured, it may be possible for cybercriminals to use hijacked VOIP devices to launch attacks on the systems to which the devices connect, adding that “cybercriminals can weaponize any internet-connected corporate or consumer device.”
IBM suggests users of VOIP services encrypt their communications to prevent eavesdropping and use strong passwords for the devices. Since lists of default VOIP passwords are readily available online, leaving default credentials in place will make it easy for VOIP cyber attacks to be conducted. IBM also recommends using a VPN to ensure that attackers cannot use a network analyzer to capture VOIP data.