I'm always a little sceptical of alerts issued by security firms. You know the kind of thing - it's nasty out there, so buy our software and be safe! However, they can't all just be scaremongering and I was particularly concerned recently when I read a bulletin from Sipera Systems, a company that specialises in unified communications security, highlighting a rapid growth in attacks on VoIP and UC systems.
You can read the full text here - http://www.sipera.com/webfm_send/501 - but for those in a hurry here are some of the highlights:-
- 50% increase in attacks on enterprise UC servers (2009-10)
- Up to 25% of Internet attacks now target voice and UC sectors
- There's an attack against VoIP every 2.5 seconds in peak periods
- Over 20,000 VoIP/UC threats have now been identified
One trend is a rise in so-called "vishing" calls where VoIP is used to obtain passwords, credit card numbers and other security information from unsuspecting victims. Often blended with phishing emails, such calls succeed because victims are largely unaware that caller ID and the use of automated IVR systems can be spoofed using readily available, low cost, VoIP technology.
Eavesdropping on wireless conversations and voicemail hacking are also on the rise, as amply illustrated by the high profile News of the World scandal. Plus it's not just information and identity theft that we have to worry about. Attacks on UC systems can bring down servers and stop companies doing business, with VoIP and video communications particularly sensitive to interference from scanning, DoS and other simple to engineer attacks.
According to Sipera, VoIP and UC are becoming targets of choice, primarily because of the success in identifying and dealing with vulnerabilities elsewhere. Which certainly makes sense and, given that security is a prime reason for not adopting unified communications in the first place, a trend that should concern everyone in the industry.
This article is written by Alan Stevens and sponsored by Avaya. The opinions reflected in this piece are solely those of Alan Stevens and may not reflect those of Avaya management