If it Could Happen to Them...

As some of you may have heard, a major U.S.-based service provider recently went through a two-day, SIP-based Telephony Denial of Service (TDoS) cyber-attack. During this attack, the service provider's enterprise customers did not have access to their voice ports. The attack cost both the service provider and its enterprise customers millions in lost business opportunities.

Interesting, yes, but you may be asking, "What does that have to do with my company's internal VoIP system?" The answer may surprise you.

While enterprises have long protected their data networks from internal and external attacks, voice network security is a relatively new phenomenon. With the advent of Voice over IP technology, enterprises are increasingly exposed to voice-based IP attacks such as voice spam, vishing (voice phishing), spoofing, toll fraud, IP packet eavesdropping and TDoS.

Today's companies face increasing costs as they struggle to handle the enormous volume of fraudulent calls. Adding resources (people, systems, space) and upgrading equipment can only go so far. At the same time, customer satisfaction drops when response time slows--and the company's brand takes a hit.

The most potentially damaging of these new VoIP attacks is a variation on the well-known data Denial of Service attacks. A hacker targets a contact center and floods it with calls to tie up their ports. This has two effects: first, real calls cannot get through and, second, fraudulent calls get through and waste the agents' time.

The biggest problem for enterprises, even the most security-minded, is that standard security measures don't work on these attacks. Standard session border controllers do a good job of protecting against malformed packets or Distributed DoS attacks, but will not catch this type of attack at all. Why? Because the fraudulent calls look just like "normal" calls. The only way to really tell that you are being attacked is to actually listen to the call; the agent will most likely hear only white noise or a recording.

And as damaging as these attacks can be for the victim company, the hacker is most likely doing it for financial gain. The hacker sets up a deal with an LEC for a monthly "refund" based on the volumes of 800 numbers dialed. As you know, these 800-number charges are paid for by the customer who is receiving the call and all the LECs/CLECs, etc. along the chain of call delivery get a piece of the 800-number pie. So the LEC at the end of the chain refunds a portion of its pie to the person, in this case the attacker, who is making all the 800-number calls to contact centers.

So what can today's enterprise do to better protect its call center and VoIP systems from attack? Some interesting technologies are coming to market, and related strategies can be employed to limit the instances and severity of damage. I'll address those in greater detail in my next post.

(No Jitter and Enterprise Connect have had extensive coverage of TDoS recently; see this webinar, this webinar, and this blog post.) These issues are also discussed in this security-focused plenary session from Enterprise Connect 2011: