I posted an article a week ago covering the 8 most common UC security issues.
After posting this, I thought it would be a good time to post MY OWN list of what I see as the 8 most common UC threats (I even provided a chart). This chart shows a representation of the most common UC threats that I have seen in real-world enterprise networks. It represents data collected from several hundred assessments and product deployments.
Briefly, the chart is read as follows:
- The vertical axis is a relative measure of the increase in activity observed. Items low on this scale may have a lot of activity but little or no increase over the last 6-12 months.
- The horizontal axis is the relative severity posed by each threat.
- The size of each bubble combines several metrics, but primarily reflects the difficulty of detection and mitigation.
- Threats up and to the right are trending upwards in growth and are more severe risks. This is especially true in critical parts of an enterprise UC infrastructure such as contact centers.
- Threats to the lower left are neither increasing nor declining. These may be sporadic rather than continuous events, or continuous commonplace threats, much like port-scanning in the data world: it is happening all the time.
- Threats in the middle of the graph are typically of high severity, high growth, or a mix of both.
A summary of the threats:
- Automated Telephony Denial of Service (TDoS)—Trending up. Detectable via cutting-edge technology that has limited availability. Attackers target financial portions of victim companies and high-volume contact centers.
- Socially Organized TDoS—A new threat. Because it is legal and easy to organize at scale through social networking, this form of TDoS has been adopted as a tool of many social dissent activities.
- Social Engineering/financial fraud—Not new, but easier to hide and easier to automate. We are seeing more and more companies become victims of attempts at various types of voice fraud via IVR attacks and social engineering schemes.
- Harassing Calls—Recent large upswing. Calls occur in large bursts of “robocalls”, including threatening calls, voice SPAM/SPIT, voice phishing/vishing, call pumping, Wangiri, etc. A combination of technologies makes high-volume calling campaigns easier. Partially driven by economic conditions: collection agencies dominate the volume, and businesses hungrier than ever to sign up new customers rely on mass phoning as the cheapest way to reach prospects.
- Long Distance Loss/Toll Fraud—Perennial issue that continues to increase. Incidents are regularly reported in the media. Loss is typically the result of insider abuse or a compromised system that allows outsiders dial-through access. Also includes IRSF (International Revenue Share Fraud).
- ISP calls—Reduction in modem call duration over last 10 years, but no matching decline in ISP call duration. Very slight uptick in modems and ISP calls in last year.
- Modems—Modems still in wide use, though not as much as 10 years ago. Typically found in IT management, SCADA, telemetry and logistics operations where IP technologies are not yet deployed.
- SIP-Specific Threats/IP-Specific Threats—While many vulnerabilities exist and there are many systems and endpoints that could be targeted, there are simply not many real-world attacks. These threats are potentially severe, but still not that common. The most likely attacks would be DoS and eavesdropping.
I will cover each of these threats in subsequent blog posts.