Pierluigi Paganini June 17, 2015

Security experts at Nettitude reported that VoIP (Voice over IP) infrastructures worldwide are targeted by a growing number of cyber attacks.

A new wave of attacks against Voice over IP (VoIP) systems is targeting UK businesses, security experts believe that a surge was advantaged by the greater availability of hacking tools in the criminal underground.

The security firm Nettitude revealed that the VoIP systems are being hit particularly hard, during the first quarter of 2015 the researchers have observed a large amount of VoIP attacks worldwide mainly against UK servers. The experts noticed that cyber attacks against VoIP system often started just a few minutes after a new server went live. It’s interesting to note that almost every VOIP attack (88%) took place outside of regular working hours, in this way criminals avoid control operated by the internal personnel.

“During the first quarter of 2015, our security researchers have observed a large amount of VoIP attacks worldwide; however, the majority were against UK servers. Our researchers found that VoIP attacks often started just a few minutes after a new server went live. Worryingly, they also identified that 88 percent of VoIP attacks took place outside of regular working hours, when there would typically be no security staff present to monitor the situation.”states a new study by Nettitude.

The study provided useful information about tools and techniques used by the threat actors that are targeting VoIP systems.

The experts at Nettitude provided a detailed analysis of the hacking tool known as SIPVicious, initially designed for the auditing of SIP systems, but that is abused by crooks to run brute-force password cracking attacks against VOIP systems.

The Voice over IP Security Alliance (VOIPSA) identified the following categories of threats:

• Social Threats: Social threats can be interpreted as the misrepresentation of identity, authority, rights and content. Eavesdropping: In this threat category, malicious users are able to monitor VoIP communications between two or more VoIP end points.
• Interception and Modification: This category refers to threats where a malicious user may have full access to the communication signal between two or more parties.
• Service Abuse: This category is one of the most common amongst attackers. Premium Rate Service (PRS) fraud is becoming more and more prevalent.
• Intentional Interruption of Service: VoIP services are subject to denial of service (DoS) attack and resource exhaustion. 
• Other Interruptions of Service: This category of threat relates to physical threats such as loss of power

The experts observed an impressive amount of failed password attempts on VOIP systems it monitors.

“The large number of failed attempts to log into the system, register and make calls affected the performance of the system. Such behaviour could cause denial of service, making the services unavailable for legitimate users,” states Nettitude.

The experts noticed that most of the attacks seem to originate from France, but offensives from Chinese IPs were the most dangerous.

Enjoy the report!

Pierluigi Paganini

(Security Affairs – VOIP, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]