Growing Cyber Attacks Using VoIP

Media Division | June 26, 2017

When voice-over-internet started, most people thought two things: first, “Wow, cool, I can use the internet for phone calls!”  It introduced the possibility of free long-distance.  But the second thought was, “The quality stinks!”

Things have changed.  VoIP (Voice over Internet Protocols) and cell phones have made a world in which we expect low-orbiting satellites and/or wall ports to instantly connect us, for no additional fee, to anyone we wish to call.

VoIP systems sound just as good as “hardwired” land lines and offer a multitude of conveniences (like emailed voicemail!).

But since VoIP solutions utilize the same systems as other internet services, they are subject to the same kinds of vulnerabilities, threats and cyber attacks— and the numbers are growing.

The Threats to VoIP

So what exactly could a threat actor do to a VoIP system? Unfortunately, in the world of cyber security, the possible exploits grow regularly.  Here are some of the current possibilities:

  • Degrade or eliminate your voice service (for a short period, or a complete system crash, depending on the attack)
  • Intercept phone calls
  • Modify messages or phone calls, such as creating messages or forwarding voicemails
  • Piggy-backing off of a network to make, receive or transfer calls and thus avoid paying for services (similar to someone using your wi-fi)
  • Spoof caller ID to claim they are you (such as when calls pretend to be from the IRS, someone could spoof the caller ID to pretend to be your corporation)
  • Possibly even engage in covert surveillance from devices

Given the possibilities, you can see how you should no more neglect the security of your voice systems, any more than you would neglect the cyber security of your operating systems or any other critical component of your digital business operations.

What Can You Do About It?

Fortunately, there are a number of measures you can take to protect your VoIP systems.

  1. Encrypt the signal. Depending on your provider, you should be able to encrypt your digital voice signal at your internet entry point (called session initiation protocol or SIP), over a Transport Layer Security (TLS). If those acronyms make your head spin, don’t worry.  You can talk to your provider to see what is built into the fabric of the VoIP.
  2. Encrypt in sections—by segment, device or user, to make encryption specific and useful and not bog down your system. Again, your provider should know which of these options are available on your system and how to engage them.
  3. Use a VPN (virtual private network) for connections to remote phones. Remote access has added potential security risks when connecting to your internal systems.  So, set up a VPN for that sort of work.
  4. Use strong passwords. Do not underestimate the value of strong passwords, which you should change at regular intervals.
  5. Separate work and private life, but also delete sensitive voicemails. Storing them adds risk.
  6. Report anomalies, such as slow calls, forwarded voicemails or “missing” voicemails (listened to when you did not, deleted, etc.).

Get Professional Assistance

The most important thing you can do in the security of your VoIP systems, as well as to ensure the smooth operations of all of your business operations, just might be to get professional assistance.

Chances are, you hire an external company to do your office cleaning, or even to do your taxes.  Similarly, cyber intelligence specialists keep you abreast of threats and ahead of the game before they hit you and your business.  They know how to mitigate threats if they do occur.

We can keep you ahead of the game so that you can continue to play the one your business is really about.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.