With VoIP, Old Attacks Find New Targets

A report says tried-and-true attacks are finding rich new hunting grounds as the number of enterprise VoIP deployments increases.

By David Needle | Posted Apr 16, 2009
Page 1 of 2
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

IT professionals can add VoIP to the growing list of security threats they need to monitor. Security firm WatchGuard Technologies detailed seven leading threats to Voice over IP services in a release this week. While they aren't all new, they stand to become higher profile as the bad guys seek to exploit VoIP's increased popularity.

"Some of these are tested and true blue data hacks that have been around for a while, and now there's a lucrative new field for hackers and criminals to go after on the VoIP side," WatchGuard spokesman Chris McKie told InternetNews.com. "The bad guys are going to go where the money is."

WatchGuard says recent reports predict as much as 75 percent of corporate phone lines will be using VoIP in the next two years. By the end of this year, the total number of VoIP subscribers worldwide (residential and commercial) is expected to reach nearly 100 million.

Heading WatchGuard's list are Denial of Service (DoS) attacks, similar to those made to data networks. VoIP DoS attacks leverage the same tactic of running multiple packet streams, such as call requests and registrations, to the point where VoIP services fail.

These types of attack often target SIP (Session Initiation Protocol) extensions, according to WatchGuard, that ultimately exhaust VoIP server resources, which cause busy signals or disconnects.

Another is Spam over Internet Telephony (SPIT). Like unwanted e-mail, SPIT can be generated in a similar way with botnets that target millions of VoIP users from compromised systems. Like junk mail, SPIT messages can slow system performance, clog voicemail boxes and inhibit user productivity.

VoIP is also potentially vulnerable to Directory Harvesting attacks. These occur when attackers attempt to find valid VoIP addresses by conducting "brute force" attacks on a network.

When a hacker sends thousands of VoIP addresses to a particular VoIP domain, most of the VoIP addresses will "bounce back" as invalid, says WatchGuard. But from those that are not returned, the hacker can identify valid VoIP addresses.

By harvesting the VoIP user directory, the hacker now gains a new list of VoIP subscribers that can be new targets to other VoIP threats, such as SPIT or vishing attacks.

Vishing, or Voice Phishing, attempts to get users to divulge personal and sensitive information, such as user names, account numbers and passwords.

The trick works by spamming users and luring them to call their bank or service provider to verify account information. Once valid user information is given, criminals are free to sell this data to others, or in many cases, directly siphon funds from credit cards or bank accounts.

Along with its competitors, WatchGuard offers its own set of solutions, including wired and wireless unified threat management appliances. "What we're saying is that a business that already has VoIP in place or is planning to add it, should be aware that the same hacks on the data networks can be exploited on a VoIP network," said McKie. "Some companies already have the firewalls in place, but some don't so it's important to make sure your investment is protected."

Next page: getting a jump on the bad guys

Article courtesy of InternetNews.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter