July/August 2018 – SHOUT OUT Monthly Newsletter


Top Vulnerability, BotNet, Attack, VoIP Cost and Fraud News

Malicious Media Session

Impact: High
Attack Type: VoIP & UC Network Interception and Modification
Last Updated: 2018 July 30


Executive Summary
Attacking entities are constantly changing their techniques for penetrating SIP/VoIP-based networks, and these intrusions lead directly to fraudulent activity. When this activity goes undetected by the SBC, it results in thousands of dollars in losses to service providers. Plantronics Polycom talked about the related PPLSIP-based attacks in this SIP BotNet alert in the last 12 months.

RedShift customers are seeing this new anomalous traffic method, which manipulates packets to evade SBC defenses. Hackers are spoofing the user agent in the INVITE message with a valid naming convention. However, they can’t hide the session owner and name from the software client they are using to implement the attacks. By applying Deep Packet Inspection (DPI) at the Session Description Protocol (SDP) layer, RedShift detects this Malicious Media attack method and employs external mechanisms via a Blacklist API to automatically mitigate the attack.

To date, RedShift customers have used our DPI to identify many malicious media sessions previously undetected by SBC defenses. Without UCTM DPI, substantial losses to service providers are an increasing reality.
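The check described above, comparing the claimed User-Agent with the SDP session owner (`o=`) and session name (`s=`), can be sketched as follows. This is an added example, not RedShift's code: the denylist entries, the `ExamplePhone` agent string and the sample INVITEs are constructed placeholders, and acting on a hit (for instance through a blacklist API) is left to the caller.

```python
import re

# Constructed placeholder names for attack-tool SDP identities (not from the newsletter).
SUSPECT_SDP_IDENTITIES = ("example-scanner", "example-dialer")

def parse_sip(raw: bytes):
    """Return (start_line, headers, sdp) with the first occurrence of each SDP field."""
    head, _, body = raw.decode("utf-8", "replace").partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    sdp = {}
    for line in body.splitlines():
        if re.match(r"^[a-z]=", line):
            sdp.setdefault(line[0], line[2:].strip())  # session-level o=/s= come first
    return start, headers, sdp

def inspect_invite(raw: bytes):
    """Compare the claimed User-Agent with the SDP origin (o=) and session name (s=)."""
    start, headers, sdp = parse_sip(raw)
    if not start.startswith("INVITE ") or "application/sdp" not in headers.get("content-type", "").lower():
        return None  # not an INVITE carrying an SDP offer
    owner = (sdp.get("o", "").split() or [""])[0]  # o=<username> <sess-id> ...
    session_name = sdp.get("s", "")
    user_agent = headers.get("user-agent", "")
    matched = sorted({tag for tag in SUSPECT_SDP_IDENTITIES
                      for field in (owner, session_name) if tag in field.lower()})
    return {
        "user_agent": user_agent, "owner": owner, "session_name": session_name,
        "matched": matched,
        # Spoofed when the SDP names a tool that the User-Agent header hides.
        "spoofed_user_agent": any(tag not in user_agent.lower() for tag in matched),
    }

def make_invite(user_agent, owner, session_name):
    """Build a constructed INVITE for the demo (documentation IP ranges only)."""
    sdp = (f"v=0\r\no={owner} 3747 461 IN IP4 192.0.2.10\r\ns={session_name}\r\n"
           "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
    return (f"INVITE sip:1000@198.51.100.5 SIP/2.0\r\nUser-Agent: {user_agent}\r\n"
            f"Content-Type: application/sdp\r\nContent-Length: {len(sdp)}\r\n\r\n{sdp}").encode()

if __name__ == "__main__":
    print(inspect_invite(make_invite("ExamplePhone 5.4", "example-scanner", "example-scanner call")))
    print(inspect_invite(make_invite("ExamplePhone 5.4", "-", "SIP Call")))
```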

Common VoIP Attack Classification:

  • Abuse (e.g. Call Conferencing, Toll Fraud, Identity Theft and Traffic Pumping)
  • Robocall Attacks
  • Fuzzing Attacks (e.g. Malformed protocol messages and multiple message types)
  • Eavesdropping (e.g. Call Pattern Tracking, Number Harvesting and Voice Mail reconstruction)
  • VoIP & UC Network Interception and Modification
  • Device Configuration Weakness
  • Voice & Telephony Denial of Service (TDoS) Attacks
  • Device and OS Vulnerabilities
  • IP/TCP Network Infrastructure Weakness
  • VoIP & UC Protocols Implementation Vulnerabilities
  • SIP BotNet attacks
  • Signaling Manipulation Attacks
  • Fraud Attacks – Wangiri, IRSF and many others
  • Media Manipulation Attacks
  • SPAM over Internet Telephony (SPIT)
  • UC Infrastructure Threats (e.g. Voice, Media, IM, Web, UC & Collaboration)
  • UC Application Layer Threats
  • Data & Voice Threats (e.g. SQL Injection, Malware, Viruses, and Buffer Overflows)
  • Voice Phishing

Costly Cyber Attack Threats, News and Resources:

  • 74% of organizations are more concerned about cybersecurity attacks than they were last year, so it is important to understand the factors raising these concerns. The 2017 U.S. State of Cybercrime Survey was conducted in partnership between CSO, the U.S. Secret Service, and the CERT Division of Software Engineering. The 2018 Survey is due out soon and RedShift will share highlights upon its release. Read the full article HERE »
  • A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday. Cisco also patched two medium-security flaws today in its FireSIGHT management platform for network security, and one medium-severity issue in the Web Security Appliance. Finally, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS. The most critical of the flaws, CVE-2018-0341, would allow command injection and remote code execution on IP phones, including higher-end models that have HD video call functionality. Read the full article HERE »
  • Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition. This new book is a must-read for any security professional responsible for VoIP or UC infrastructure. This new edition is a powerful resource that will help you keep your communications systems secure. Get the book details HERE »
  • Unfortunately, despite the agility and flexibility afforded by IP, it also carries increased security risks when used for VoIP. Telecoms systems are just as vulnerable as any other IP-based network. In the same way that businesses use anti-virus software and firewalls to protect their systems, it’s imperative that secure encryption is a part of any business telecoms set-up. Read the full article HERE »
  • While convenient for modern organizations, voice over IP (VoIP) comes with its own security challenges. The consequences of not doing so can be crippling. Indeed, cyber crime is set to cost businesses around $6 trillion globally by 2021. Read the full article HERE »
