May 2018 – SHOUT OUT Monthly Newsletter

 In Newsletter

Top Vulnerability, BotNet, Attack, VoIP Cost and Fraud News

Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability »

Impact: High
Attack Type: Device and OS Vulnerabilities
Last Updated: 2018 April 27 14:24 GMT
CVE-2017-12260

VoIP Attack Classification:
VoIP Attack Impact:

Executive Summary
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually.

Detailed Analysis
This vulnerability was fixed in firmware releases 7.6.2SR2 and later for Cisco Small Business SPA50xSeries IP Phones and Cisco Small Business SPA51x Series IP Phones. Customers should upgrade to the latest firmware release by visiting the Software Center on Cisco.com, clicking Browse All, and navigating to Collaboration Endpoints > IP Phones > Small Business SPA500 Series IP Phones > IP phone model > IP Telephone Firmware. This vulnerability was fixed in firmware releases 7.6.2SR4 and later for Cisco Small Business SPA52xSeries IP Phones.

Customers should upgrade to the latest firmware release by visiting the Software Center on Cisco.com, clicking Browse All, and navigating to Collaboration Endpoints > IP Phones > Small Business SPA500 Series IP Phones > IP phone model > IP Telephone Firmware.


Common VoIP Attack Classification:

  • Abuse (e.g. Call Conferencing, Toll Fraud, Identity Theft and Traffic Pumping)
  • Robocall Attacks
  • Fuzzing Attacks (e.g. Malformed protocol messages and multiple message types)
  • Eavesdropping (e.g. Call Pattern Tracking, Number Harvesting and Voice Mail reconstruction)
  • VoIP & UC Network Interception and Modification
  • Device Configuration Weakness
  • Voice & Telephony Denial of Service (TDoS) Attacks
  • Device and OS Vulnerabilities
  • IP/TCP Network Infrastructure Weakness
  • VoIP & UC Protocols Implementation Vulnerabilities
  • SIP BotNet attacks
  • Signaling Manipulation Attacks
  • Fraud Attacks – Wangiri, IRSF and many others
  • Media Manipulation Attacks
  • SPAM over Internet Telephony (SPIT)
  • UC Infrastructure Threats (e.g. Voice, Media, IM, Web, UC & Collaboration)
  • UC Application Layer Threats
  • Data & Voice Threats (e.g. SQL Injection, Malware, Viruses, and Buffer Overflows)
  • Voice Phishing

Impact of Recent VoIP Attacks:

  • National US Telecom – $500k fraud attack
  • Regional US Telecom – $120k/month fraud loss, traffic pumping
  • South American Telecom – $1m fraud attack, high toll cost calls
  • National US Telecom – $150k/weekend, call forwarding attacks

UC Threat Terms in the News:

Phreaking
Phreaking modifying hacking techniques on traditional phone service using “blue boxes” and other tools. Phreakers commonly use eavesdropping as a tool to steal usernames, account numbers, phone numbers, and privileged passwords. Privileged access is subsequently used to steal identities and services. Service theft not only includes hijacking credentials to make free calls, it’s a gateway for access to valuable business data.

Vishing
Phishing scams are common, carriers are adept at detecting them. Vishing is the VoIP equivalent. The calling party fakes a known organization and attempts to obtain confidential information. Methods to avoid vishing including removing unknown callers. Don’t blindly trust caller ID, and never hand over sensitive information over the phone without first verifying the caller’s identity. About RedShift Networks:

RedShift Networks customers understand that it’s critical to provide safe, secure Cloud based VoIP and Unified Communications (UC) within their company and for their clients. Our Unified Communication Threat Management (UCTM) offering protects against 40,000 different VoIP threats and attacks through RedShift Networks Global VoIP Threat Intelligence Network Service and Condor Labs.

Carrier customers depend on RedShift to optimize Enterprise customers’ cloud-based VoIP and UC security since responsibility lies in the hands of the service provider. Our worldwide customer base is comprised of telecommunication and other VoIP/UC/Video Cloud based service provider corporations including Retail VoIP Carriers, Mobile Operators, Cable Operators and CLECs.

Start typing and press Enter to search