So in the last post, you saw how DoS attacks and eavesdropping would be big concerns this year. Here are the last 3 points that Jim Higdon wrote about earlier this year:
3. Microsoft Office Communications Server: Hackers love attacking Microsoft, and Microsoft loves being unprepared. VIPER Lab predicts that hackers will find vulnerabilities in Microsoft Office Communications Serverâ€™s VoIP client and use it to access networks that had previously been secure, and the organization is not alone in reaching this conclusion. Network World blogger Mitchell Ashley suggests that Microsoft could learn from Vonageâ€™s vulnerability to spoofing attacks.
I guess those of us who are using Windows are out of luck in this point. Then again, this is why business are leaning towards alternatives.
4. Vishing by VoIP: The FBI has been aware of vishing for nearly a year now, and the IC3 (Internet Crime Complain Center) recently released a report stating that vishing attacks are on the rise. With caller ID spoofing, the criminals can be very difficult to track, â€œdue to rapidly evolving criminal methodologies,â€ according to the IC3.
Yup, first it was phishing, now it’s vishing.
5. VoIP Attacks Against Service Providers: These sorts of attacks will escalate, VIPER Lab predicts, because of readily available, anonymous $20 SIM cards. As UMA (Unlicensed Mobile Access) technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks, VIPER Labs warns that â€œservice providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.â€ Such attacks include scripting â€œvarious flood, fuzzing and spoofing attacks,â€ according to VoIP blogger Rich Tehrani. â€œThe hacker could set up multiple IPSec tunnels to various PDGs in the network or across multiple GPRS sessions [generating] up to 10,000 messages per second â€¦ equal [to] the traffic of 10 million users,â€ he wrote.
Knowledge is power. I hope that exposing these threats will help you make your VOIP system more secure.