Analysis Based on Data from Real-World, Documented Attacks on US Corporations Over a 10-Year Period
SAN ANTONIO, March 19, 2013
SecureLogix, a Voice and Unified Communications (UC) Security company, today unveiled a new report measuring the occurrence and severity of new threats facing today’s corporate voice and UC networks. According to SecureLogix, U.S. corporations and their customers are now highly vulnerable to fraud schemes and identity theft via sophisticated attacks such as Telephony Denial of Service (TDoS), Fraud/Social Engineering, and Malicious/Harassing Calls.
The SecureLogix “2013 Voice/UC State of Security Report” offers the first-ever glimpse into threats facing corporate voice networks, drawn from real-world data and documented attacks against U.S. corporations over a 10-year period. Previous attempts to characterize these threats have been limited in scope and largely based on threat glossaries, opinion-based surveys, or hypothetical vulnerability tests conducted in closed, laboratory environments.
“While experts have mainly focused on security risks impacting traditional data networks, few attempts have been made to measure attacks targeting voice/UC applications and environments,” said Rod Wallace, SecureLogix vice president of services. “This report is not an academic, theoretical exercise, but rather a clear view into actual criminal activities and threats. The bottom line – if you transact with a utility, bank, investment firm, retail establishment or any other business that hasn’t made attempts to secure their voice network, you’re in real danger of having financial accounts and private information compromised.”
The SecureLogix report is based solely on information pulled from live, operational voice networks, and characterizes attacks and threats by their specific type, incidence level, and severity of damage and impact on U.S. corporations and their customers. Data is pulled from
engagements across more than 120 corporate operational voice networks, including a number of Fortune 100, Fortune 50 and Fortune 10 companies. Nearly every industry is represented, with a concentration on banking/finance, healthcare, retail, utility, and government.
Among key findings is the significant migration of Denial of Service (DoS) attacks from Internet/data to voice networks, especially in contact center environments. With TDoS, call floods generated by computers can disrupt communication services inside customer-facing contact centers, or be used as part of sophisticated financial fraud attacks and call/traffic pumping schemes. 2012 was also marked by the rapid rise of “Social Networking TDoS,” as Facebook, Twitter, and other social networking vehicles are used in Occupy-style tactics to organize TDoS attacks against corporations and public entities with the express intent of shutting down operations. Additional report findings highlight substantial increases in Social Engineering and Identity Theft schemes over voice lines, a massive jump in the observed volume of Harassing Calls, and the continued presence and growth of Toll Fraud/Long Distance Theft and other forms of voice network attacks.
“One reason we’re seeing an increase in voice attacks and schemes is the adoption of Voice- over-Internet Protocol (VoIP),” said Mark Collier, SecureLogix CTO and vice president of engineering. “Free IP-PBX software such as Asterisk/Tribox, computer-based call generation tools, and easy-to-access SIP services greatly lower the barrier-to-entry for voice network attackers. Call generation is set up quickly and used to generate harassing calls, TDoS, voice phishing and SPAM — and for brute-force probe attacks into call center IVRs for account information used for social engineering.”
To view a full copy of the report, please visit www.securelogix.com/sos.
SecureLogix, a Gartner designated “Cool Vendor” is the leader in enterprise voice/UC policy enforcement and ROI intelligence. SecureLogix 7th generation solutions enable customers to save money through securing and optimizing IP Telephony and legacy voice networks, allowing cost efficient and confident migration to SIP Trunking and Unified Communications. SecureLogix solutions are currently protecting and managing over four- and-a-half million enterprise phone lines. For more information, visit SecureLogix on the Web at www.securelogix.com and www.voipsecurityblog.com.
David Heard, VP Marketing & Product Management SecureLogix