The network administrator at one of the offices of an MNC was a little surprised when he returned to the office after the weekend and found that the telephones were not working. That Monday turned blue when he found that the service provider had cut off services because, apparently, his office had made international calls worth USD 10,000 on a single weekend!
“I can tell you I was shaken! Our phone bills had never exceeded USD 2000 for a month, and we have no customers outside the US. It was surprising to discover that we’ve been ‘hacked’ on our phone systems!” he said. Now you can probably guess what had happened — the telephone system had been hacked into, and the hackers had initiated calls to long-distance, high toll destinations — a kind of hack that SIP security experts call Toll Fraud and Service Theft.
Unfortunately, businesses have no choice but to pay because, when you have PBXs, the buck stops at your doorstep. Search the Internet, and you’ll find it awash with instances of toll fraud all over the world.
Who are the victims?
If you are an Enterprise communications network with inadequate SIP security, you allow a lot of space in the room for losses through toll fraud and service theft. Communication networks with remote workstations are particularly vulnerable to such attacks. Though devices like Session Border Controllers (SBCs) might give one a false sense of safety, attackers have a few tricks up their sleeve to avoid them.
One of the techniques that they use is to send SIP REGISTER messages to random extension numbers. Responses to such REGISTER messages differ based on whether these numbers exist on the network or not. Using freely-available tools, such as SIPVicious, they can access certificates and domains and register at stations that use default passwords. When attackers determine a couple of station numbers, they can launch long-duration brute force attacks by sending REGISTER messages every half hour or so to hundreds of stations to try and break into the network.
Securing SBCs for SIP Security
Enterprises that take the effort to protect their networks and deploy protection components such as SBCs are still being invaded because they don’t secure their SBCs. In our 2021 State of SBC Security report, we found nearly 50% of SBCs to have unsecured configurations.
Yes, it’s not enough to just deploy SBCs, it’s also critical to-
- Configure them properly
- Audit the configuration regularly
With such custom and hardened configurations, one can have additional customizations based on the communication network topology. For instance, customized TLS service profiles for the HTTPS traffic of the signaling and media interfaces, HTTP relay services, and TURN STUN server traffic ensure bulletproof security of your network. Assurance of the use of only strong ciphers that attackers cannot break provides an edge over SBCs with standard configurations.
Now this may sound simple but it is more difficult than you imagine – a typical industry-standard hardening requires you to look at more than 600 different parameters. Additionally, SIP security, or any security for that matter, is not a one-time activity. You need to periodically assess the state of your company’s SIP security so you can make it harder for attackers to break in.
The easiest and fastest way to do this is to leverage tools designed to do just that. Like Assertion® SecureVoice™. Talk to us to get a clear understanding of your VoIP system’s strength and the risks it faces by uncovering active attacks, threats, breaches, and vulnerabilities.
— — –
Assertion® is a leading communication security solutions provider that empowers companies to Collaborate Confidently. Our ultimate goal is to secure every conversation through our advanced AI-enabled collaboration security solutions. We also provide holistic infrastructure security for over 38 collaboration products, including full-stack collaboration security solutions for the UC and CC stack.