Spike in Voip attacks

29 Sep Spike in Voip attacks

I was talking with a client the other day and mentioned they needed to verify their PBX was locked down.   I said, “Every four years we hear about a phone system that gets hacked”.   The client looked confused and asked why every four years?  It’s a presidential election year.  Why does that matter?  It goes to the motivation of an attacker.

It is expensive to have a robo-dialer make phone calls, it is a lot less expensive to hack someone’s phone system and make thousands of calls, than to do it yourself.  Sure enough, this year was no different.  We saw unusual call activity on one of our client’s phone system.  They had placed over 500 hours of long-distance calls.  While that in itself is not unusual, it was for this client, and more unusual was the fact all the calls where to different numbers, all in Iowa. We did some investigation and found the client was working from home and did not have a firewall at their home office. Their home systems were compromised and was placing calls.

This drives home the point that you do not know the motivation of why an attacker wants to compromise your system.  Too often I hear a client (or potential client) say they don’t need to worry about security because, “we’re a small manufacturing company, no one wants to hack us”.  Nothing could be further from reality.  These are perfect victims.  Small companies tend to not know the risks or ignore the risks compared to their bigger counterparts.  All companies, regardless of size, have something hackers want.  It just depends on the motivation of the attacker; it might be a money motivated attack in which case ransomware may be the tactic used.  It may be to steal resources, in which case the attacker may want to use storage, bandwidth, or compute.  It may be they are interested in gathering information, in which case the attacker will want to steal information while hiding the intrusion until it is too late, and yes, there may be a time when an attacker is attacking you because of who you are, but that is a very rare case.

Cyber crime can be very sophisticated, however most of the attacks rely on weak security and a company not following best practices.  If you follow some simple steps you can avoid most attacks.  Some of the things to consider in securing your voice network:

1. Always secure the network that is connecting your endpoints.  Many users have shifted to working from home, but many people have done this with no consideration of security at home.
2. Use a firewall whenever possible.  A properly configured firewall should block all inbound connections except for known traffic.  Just as important you should use egress rules that are just as aggressive as ingress rules.
3. Whenever possible use multi-factor authentication.  Even if your password is compromised, you can still be safe if you have multi-factor authentication enabled.
4. Use Transport Layer Security (TLS) whenever possible.  This is more secure than SSL.
5. Review your call logs regularly to ensure isn’t strange traffic on your extension.
6. Make sure your systems are patched regularly.  If you do not have the latest security patches applied, you may be vulnerable to an attack.

Staying safe is always a challenge.  Most attacks walk up and check to see if the doors are locked, the windows are locked, and if they are, they move on to try the next company.  There are plenty of unsecured systems out there. 

A small investment in security can pay huge dividends.  It is sometimes difficult to see the value in it because it’s hard to say your efforts bore fruit (How do you know your security precautions stopped an attack).  With that said, if you ignore securing your phone system, and your remote sites, it is just a matter of time when it will be hacked.  If you want to talk with someone at NPI about securing your voice network please call us at 253-852-1543.