A new wave of attacks against Voice over IP (VoIP) systems is targeting UK businesses, security experts believe that a surge was advantaged by the greater availability of hacking tools in the criminal underground.
The security firm Nettitude revealed that the VoIP systems are being hit particularly hard, during the first quarter of 2015 the researchers have observed a large amount of VoIP attacks worldwide mainly against UK servers. The experts noticed that cyber attacks against VoIP system often started just a few minutes after a new server went live. It’s interesting to note that almost every VOIP attack (88%) took place outside of regular working hours, in this way criminals avoid control operated by the internal personnel.
“During the first quarter of 2015, our security researchers have observed a large amount of VoIP attacks worldwide; however, the majority were against UK servers. Our researchers found that VoIP attacks often started just a few minutes after a new server went live. Worryingly, they also identified that 88 percent of VoIP attacks took place outside of regular working hours, when there would typically be no security staff present to monitor the situation.”states a new study by Nettitude.
The study provided useful information about tools and techniques used by the threat actors that are targeting VoIP systems.
The experts at Nettitude provided a detailed analysis of the hacking tool known as SIPVicious, initially designed for the auditing of SIP systems, but that is abused by crooks to run brute-force password cracking attacks against VOIP systems.
The Voice over IP Security Alliance (VOIPSA) identified the following categories of threats:
The experts observed an impressive amount of failed password attempts on VOIP systems it monitors.
“The large number of failed attempts to log into the system, register and make calls affected the performance of the system. Such behaviour could cause denial of service, making the services unavailable for legitimate users,” states Nettitude.
The experts noticed that most of the attacks seem to originate from France, but offensives from Chinese IPs were the most dangerous.
Enjoy the report!
(Security Affairs – VOIP, hacking)