New cybersecurity warnings scrutinize VoIP protocol

by CDW Financial Services|Dec 19, 2016

As hackers continue to look for new ways to gain access to networks, a new warning has been shared by IBM. This week’s FIN News brings you insights from the Network World article, “IBM Warns of Rising VoIP Cyber-Attacks,” on an increase in cyberattacks using the VoIP Session Initiation Protocol (SIP).

Here are the highlights:

  • According to a report from IBM’s Security Intelligence group, cyberattacks using the Session Initiation Protocol (SIP) have grown this year.
  • The attacks have accounted for more than 51% of the security event activity analyzed by the group in the last 12 months.
  • Because VoIP routes calls through the same paths used by network and Internet traffic, these routes are also subject to some of the same vulnerabilities and threats cybercriminals use to exploit these networks.
  • VoIP traffic can therefore be intercepted, captured or modified, and is thus subject to attacks aimed at degrading or eliminating service.
  • In early 2016, there were reports of certain VoIP phones that had insecure default configurations, which allowed attackers to make, receive and transfer calls, play recordings, upload new firmware and even use victims’ devices for covert surveillance.

How can you protect your network? Cisco’s Talos security group suggests the following techniques to reduce VoIP security issues:

  • Apply encryption by segment, device or user
  • Encrypt the signaling
  • Use VPNs for network connections by remote phones
  • Apply strong passwords to access the voicemail inbox
  • Delete sensitive voicemail messages
  • Immediately report irregularities or abnormalities

Want to read more about trends impacting banks and credit unions? Our winter issue of the FinTalk Report shares the latest IT insights for the financial services industry.