Skip to content

SIP Security: 3 Symptoms Your SBC is Under Attack

The SBC is a critical device in your communication network. It bridges your enterprise network with that of the public telephone network providing a way for people to dial in / dial out. It connects your Meetings (Zoom, Teams), your PBX (Avaya, Cisco, RingCentral), and provides a route for your customers to call your toll-free numbers. But it’s also a critical part of SIP security. Read on to see why.

Why would a hacker attack my SBC?

The connection between SIP security and your SBC

Attacking an SBC gives a hacker the following key benefits:

  • An ability to use your telephony resources to make long-distance toll calls and run up a toll fraud, one of the most common SIP security failures. This is an economic loss and the Communications Fraud Control Association (CFCA) reports that companies lost $6.69B to toll fraud in 2021.
  • An ability to steal sensitive personal, financial, or health information of customers or employees. This is a data breach and a reputation loss. An average financial record sells for $20 on the black market and a health record for $120.
  • Tapping into the SBC gives the hacker access to voice and video biometric data, which they can then use to impersonate, to break any biometric authentication gates, which can then result in data leaks/eavesdropping.
  • Hacking also allows the hacker to enter into the SBC and use it like a mule, a place to jump off within the trusted network to other data sources that hold sensitive information such as your call center or CRM systems.
  • An ability to disrupt service to create havoc on the business. This is a reputation loss and could result in loss of current and future potential revenue. Bombarding the SBC with rogue requests could bring down its ability to service legitimate traffic. By pushing its resources to high-water mark thresholds, the hacker is probing to find out any exploits or corner cases that could break your SIP security defenses.

SIP Security: How do you know if your SBC is under attack?

You can know if you are under attack if you notice the following symptoms.

  • Spike in telecom bill: If you notice a spike in the telecom bill from your service provider, or calls to unknown numbers, especially international numbers, or calls at odd hours and business downtimes, or long duration calls\, you should observe your system.
  • Extensions slow to log in: When supporting remote workers via the SBC, if the users notice a significant delay in registering and logging in to their work phone (softphone or hard phones or applications on their mobile devices), you should take notice.
  • Too many calls rejected: When using SBC as a trunk gateway in a call center, your priority is to service all incoming customer calls. But what if there are calls being rejected by the SBC? Imagine the customer experience and the cost to your brand reputation. Are you observing the calls being rejected by your SBC on a per-minute basis? If not, you should consider this. Any network-side attack will immediately manifest itself as call rejections by the SBC as it tries to grapple with the changed network behavior. 

Just like in our body, a symptom may be the effect of any number of things. When we have chest pain it could be because of gastro trouble, a heart attack, or a muscle pull while exercising. Knowing the context – in this case, the network connectivity, configuration and use cases, are important to interpret the symptoms of a SIP security incident.  

Fixing a weak SIP security posture

If you suspect an attack or a misuse of your VoIP resources, or feel that your SIP security posture is weak, please seek expert assistance. Security is like health, the sooner you detect issues, the better it is. We can help you.

Tags: