Stories from the field: The Top Attacks on Communication Systems: Uncovering the Why, What, and How
What could an American healthcare organization, a European retail giant, and an American public transportation authority have in common??
Undetected and unchecked attacks on their communication systems!?
This should come as no surprise, though. Companies are finding themselves at the receiving end of multiple types of attacks on their communication systems. Financial losses due to telecom fraud have shot up 28% in the last two years, as per the 2021 CFCA survey.???
Given how closely linked these systems are with the rest of the organization, it’s easy to see why such attacks can have far-reaching and potentially devastating consequences.??
The why, what, and how of common attacks on your VoIP systems?
Understanding how to protect your communication systems begins with understanding the why and how behind these attacks.?
The three companies discussed above were victims of the three common attacks on VoIP systems: toll fraud, data exfiltration, and misuse of company resources for harassment calls.??
Let’s look at them in more detail.??
Using a company’s telecom lines to make unauthorized calls to premium rate numbers, takes the top spot as far as the motivations for communication system attacks go.?
Companies have collectively lost $6.69B to toll fraud (or International Revenue Share Fraud (IRSF)) in 2021.??
A US healthcare company, found its business operations curtailed after its telecom provider cut down their calling services after multiple toll fraud attacks on their systems.??
How was this attack carried out??
With a little help from unsecured SBC configurations, some guesswork and social engineering, attackers were able to carry out multiple attacks such as resource development, topology detection, extension harvesting, and finally, brute force attacks to break into extensions to make premium rate calls.?
?
领英推荐
2. Data exfiltration?
In another case, of a public transport authority, attackers compromised extensions to steal employee and customer data. This data, could risk the safety of multiple employees as well as the public – in addition to aiding the misuse of internal systems and assets.?
?
How did this breach play out??
Unsecured and generous SBC configurations helped attackers determine valid extension ranges. Password spray attacks helped compromise 50+ extensions, ultimately leading to eavesdropping and data exfiltration.??
?
A retail giant was subject to an investigation by a law enforcement agency, after attackers broke into its remote worker extensions to make hundreds of harassment calls.??
?
To find out how this attack played out, and to learn more about seven more common attacks on communication systems, join our CTO, Dr. Valentine Matula for his latest session at the IAUG Central New York Chapter Meet.?
Dr. Matula will shed light on the top 10 attacks on Communications systems, how you can identify their attack vectors, and share guidelines for building a stronger communications security posture - starting with SBCs, your perimeter devices.?
Here are the session details:?