Let me give you the answer in the first sentence itself: everything!
When I first wrote a version of this article on May 15, 2020, the Covid pandemic was still in its infancy. Now in August 2021, we are in the middle of the third (Fourth? Fifth? I’ve lost count) wave and remote working has become a reality. Collaboration tools like Zoom, well, zoomed in popularity, and so did other communication tools like softphones. Net good result: great business for the makers of collaboration tools and options for employees to work from home. Net bad result: a whole new attack surface for hackers to feast on, and CyberSec/ComSec professionals to worry about.
Collaboration systems are now completely software and therefore easily hackable, but unfortunately, security thinking has yet to permeate the ops teams that manage these collab networks.
Attacks on communication systems shot up more than 600% last year! The total worldwide cost of toll fraud, just one of the many losses that take place when communication systems are breached, was more than USD 33 billion in 2019, and we can safely say it must’ve jumped in 2020.
Isn’t Zoom the only insecure video conference tool?
Is Zoom insecure? Sure, everyone already knows it. There are a million pages talking about how messed up Zoom’s security is. But here is something more for you to chew on — Teams, Webex, Meet, Duo, Skype — they are all insecure too and have been so for ages.
And if you think enterprise collaboration systems are safe, read on about the CEO Con Job…
The CEO Con Job: How this communication security breach panned out
The CEO Con job is one of the most daring heists that we have seen in the last few years. The hackers spent months targeting the company, found ways to bypass all the security infrastructure of the company, and ended up conning the regional head of a multi-national corp into
- Believing that he is part of a secretive acquisition bid
- Assuming that the emails and phone calls from the MNC CEO are legitimate
- Transferring millions of dollars to a remote bank, from where it disappeared into thin air.
The scam would’ve been much bigger — the money had already been transferred 3 times into the bank. Read the full account of how this scam went down.
But I have SBCs! They keep me safe, right?
SBCs are super-useful, no doubt. But like all complex devices, they need to be configured well. Without the right config, they themselves become targets of attacks! So, to make sure that an SBC is doing its job, we need to be sure about two things:
- Is it configured correctly? Even a single configuration option gone wrong will cause tons of trouble with attackers.
- Is it being probed right now? Is it being attacked right now?
The configuration problem is a difficult one – you need to know exactly how your SBC is set up, and if anything has changed – either in the configurations, or in the environment. The configuration may change because someone else in your team may have inadvertently changed an option. The environment may change because changes were made to your network, or attackers discovered a new attack technique.
And the attack issue is a difficult one too. The way in which hackers are attacking networks is constantly evolving. The only way to figure out is to look through millions of lines of logs and look for patterns – patterns that can be as varied as “specific IP addresses that belong to a ‘blacklist’ are repeatedly trying to connect” or “calls are being made to phone numbers in high-toll locations” or “certain calls are going on for way too long”… the list is endless.
Let’s be clear, SBCs are good tools and they can keep us safe, but it is impossible to manually confirm that they are configured correctly and that they are safe from attack. But more importantly, they have the potential to be much more — and there’s a lot more you can do to secure your VoIP systems and ensure they’re enabling productivity and business growth.
Assertion® SecureVoice™ can help you. Talk to us to know more.