Botnets, cloud computing power may be fueling attacks against VoIP

A spike in attacks against IP PBX (Private -Automatic- Branch Exchange)s that started last fall shows no signs of abating, spawning speculation that those responsible have tapped into botnets and cloud computing resources to carry out their illegal activities.

The criminals are using brute force attacks to crack passwords, indicating they may be bringing cheap, easily available cloud computing power to bear, says Adam Boone, Sipera's vice president of marketing and product management. The scale of attacks at any given moment indicates that botnets might be in play, now there is no hard evidence that either they or cloud resources are involved, he says.

The most common exploit against compromised PBXs is toll fraud - using someone else's phone system to make long-distance calls. The second is forcing the PBX to call premium numbers controlled by the attackers that charge by the minute. Businesses whose PBXs have been attacked are billed. "In both types of fraud, enterprises are frequently unable to dispute the charges because they are unable to provide evidence that the charges are in error," the Sipera Viper Labs report says.

Cisco as well noted the prevalence of vishing - telephone-based phishing - where callers pretend to be from banks, the government or other institutions and seek to get victims to relinquish valuable personal data just as Social Security and credit card numbers.

Cisco's report, which is about IT security in general, says, "VoIP (Voice over Internet Protocol) abuse has been on the upswing and appears poised for furthermore growth." A graph categorizing different classes of attack puts VoIP (Voice over Internet Protocol) among those with potential however near to the group Cisco calls "rising stars" that includes Web exploits, money laundering and data theft Trojans.

The increase in VoIP attacks

The increase in VoIP attacks was first noted just previously Halloween last year when the peak percentage of attacks against VoIP routinely rose to a high of about 30 per cent. In previous technology, Sipera found that attacks directed against VoIP topped out at about 10 per cent, Boone says. Since last fall the percentage of total attacks that are directed at VoIP has continued to peak at about 30 per cent.

He offers three possible reasons for the attention VoIP is drawing. First, normally VoIP systems are unprotected from outside attacks, he says. Second, VoIP is becoming more popular and reaching a critical mass that draws attackers. "It's common, and it gets the attention of hackers," he says. And third, there's money in it to be had easily.

Sipera has set up honeypots that are exposed to the Internet that appear to be unprotected VoIP systems. Once attackers have successfully broken in, the honeypots monitor what they try to do. They as well locate the source of the attacks by country. The top three attack-launching locations are China, Russia and the U.S., followed by South Korea, Vietnam, Turkey and India, Viper Labs says.

Matthew Hough, Global Director of IT for Mattson Research, made the switch from Microsoft Exchange to Google Apps for his 500-person company. With offices on 3 continents, Mattson Innovation designs, manufactures, and markets the semiconductor wafer processing equipment used to make integrated circuits. Google Apps has changed the way Mattson does business and enabled IT to turn off six servers. The company has as well saved over 70% in total costs compared to Microsoft Exchange.