As work-from-home increases, so do attacks on VoIP and unified communications


As companies have shifted to a work-from-home model due to the COVID-19 pandemic, the use of email, VoIP, and other unified communications (UC) capabilities has increased dramatically. Don’t expect this trend to abate anytime soon, as 93% of executives who responded to a ZK Research study expect a 30% permanent increase in remote workers.


Respondents said maintaining productivity was the biggest challenge when users shifted to working from home, highlighting the importance of collaboration tools. But the right choices can make the transition seamless. For example, VoIP can enable workers to maintain the same phone number at home as they do in the office. They can also connect using a desk phone, mobile phone, or software client on a computer, making the switch virtually frictionless.

Threats to SIP

However, the use of real-time communications does create some security risks. Most communications and collaboration applications rely on the Session Initiation Protocol (SIP) for data transmission. The standardization of SIP has created a more efficient world where all UC systems are interoperable. But a little-known fact about SIP is that it is vulnerable to intrusions, automated message calls, and other anomalous behavior.

VoIP and SIP attacks against carrier and enterprise networks are increasing rapidly. Automated voicemails from botnets can come from legitimate or rented servers, launching dangerous attacks around the world through SIP infrastructure.

According to research from RedShift Networks, on any given day, carriers and their enterprise customers face more than 40,000 different VoIP/SIP attacks. In addition to automated voicemails, networks are vulnerable to network probes, registration hijacking, and DDoS attacks.

From my conversations with network and security professionals, the 40,000 figure seems conservative, especially with the number of people working from home growing exponentially. The growth in the number of people using VoIP services has created a huge opportunity for threat actors and has led to a surge in malicious activity targeting UC systems. This problem has long been ignored by enterprises and service providers, but it needs to be taken seriously.

A new standard for addressing UC threats has emerged

The Federal Communications Commission (FCC) and international regulators are addressing this issue by mandating that carriers adopt the SHAKEN (Secure Handling of Asserted Information Using Tokens) and STIR (Secure Telephone Identity Revisited) standards. SHAKEN/STIR targets automated messages sent through hijacked VoIP and UC-based computer systems. As a result, calls made through the interconnected telephone network can have the legitimacy of their caller ID verified before they reach the end user.

But not all fake SIP calls can be easily detected. SIP can carry all forms of media, not just voice. Various applications such as chat and video conferencing can use SIP. Therefore, it is not enough to simply whitelist or blacklist IP-based communications. Enterprises must focus on protecting their VoIP systems as much as they do their data networks to meet the growing network security challenges.

Protecting communications requires a multi-pronged security approach

The combination of SIP security, threat intelligence, actionable analytics, and automated fraud detection can improve visibility into unauthorized activity across the VoIP network and UC applications. SIP security is necessary to identify and prevent threats at the edge or entry point of the network, while threat intelligence and analytics allow for rapid troubleshooting and threat mitigation. Monitoring threats inside the network in real time requires fraud detection and, ultimately, remediation.

Some UC threat management solutions are designed specifically for VoIP network security and implement the SHAKEN/STIR standards. They can work with protocols such as SIP, Real-time Transport Protocol (RTP), Transport Layer Security (TLS), and Secure Real-time Transport Protocol (SRTP) to pre-authenticate callers and ensure their legitimacy. Operators with enterprise customers have turned to such solutions to address key problem areas such as UC service theft, severe DDoS or TDoS attacks, automated message calls, and VoIP troubleshooting.

Highly regulated industries are also using UC Threat Management to maintain compliance by establishing a baseline of normal activity at the SIP/VoIP protocol level. In UC Threat Management, unique algorithms can be used to verify the real user and block unusual VoIP/SIP communications or attempts from unregistered users. Healthcare and financial services are two examples of industries where all communications require compliance-level protection.
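
As an added illustration of the protocol-level baselining described above (this is not code from the article or from any UC threat management product), the following Python example parses constructed SIP requests and flags sources that try many extensions or accumulate authentication failures without ever registering. The event tuples, the function names, and the thresholds max_users and max_failures are assumptions chosen for the example.

```python
import re
from collections import defaultdict

def sample_request(method, user):
    # Build a minimal SIP request; all values here are constructed samples.
    return (f"{method} sip:pbx.example.com SIP/2.0\r\n"
            f"From: <sip:{user}@pbx.example.com>;tag=a1\r\n"
            f"To: <sip:{user}@pbx.example.com>\r\n\r\n")

# Constructed events: (source IP, SIP request, final response code).
EVENTS = ([("192.0.2.10", sample_request("REGISTER", "1001"), 200)] * 3
          + [("192.0.2.11", sample_request("REGISTER", "1002"), s) for s in (401, 200)]
          + [("203.0.113.5", sample_request("REGISTER", str(e)), 403) for e in range(100, 130)]
          + [("198.51.100.7", sample_request("INVITE", "9001"), 407)] * 12)

FROM_USER = re.compile(r"^From:.*?<sips?:([^@>;]+)@", re.I | re.M)

def parse(raw):
    """Return (method, From user) for a SIP request, or None if malformed."""
    first = raw.split("\r\n", 1)[0].split(" ")
    m = FROM_USER.search(raw)
    if len(first) != 3 or first[2] != "SIP/2.0" or not m:
        return None
    return first[0].upper(), m.group(1)

def find_anomalies(events, max_users=5, max_failures=10):
    """Flag sources that exceed a simple per-source baseline (assumed thresholds)."""
    users, failures, registered = defaultdict(set), defaultdict(int), set()
    for src, raw, status in events:
        parsed = parse(raw)
        if parsed is None:
            failures[src] += 1  # malformed traffic counts against the source
            continue
        method, user = parsed
        users[src].add(user)
        if method == "REGISTER" and status == 200:
            registered.add(src)
        elif status in (401, 403, 407):
            failures[src] += 1  # one 401/407 challenge is normal; many are not
    alerts = {}
    for src in users.keys() | failures.keys():
        reasons = []
        if len(users[src]) > max_users:
            reasons.append("extension-scan")
        if failures[src] > max_failures and src not in registered:
            reasons.append("unregistered-auth-failures")
        if reasons:
            alerts[src] = reasons
    return alerts
```

In production the thresholds would be derived from the site's own observed traffic rather than fixed constants, and counts would be kept per time window.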

Earlier this year, the FCC issued an order requiring all originating and terminating voice service providers, including VoIP, to implement STIR/SHAKEN on the IP portion of their networks by June 30, 2021. As more enterprises move to the cloud and adopt UC, vendors will continue to invest in SIP security.

VoIP/SIP attacks on carrier and enterprise networks will not go away, so strengthening VoIP security should be a priority. Without security analytics and real-time threat management for UC, enterprises may put themselves at risk and fail to meet industry compliance requirements.
