VISHING
Vishing - An Emerging Threat to VoIP
Vishing is a new threat vector that combines phishing-style techniques with Voice over IP (VoIP) technology. Phishing relies on convincing the victim to visit a website where the attacker has built a reasonable facsimile of a known good site such as eBay or PayPal; it depends on the victim's willingness to click an obfuscated link, normally received by e-mail. As the public becomes more aware of this technique, hackers, crackers, and thieves have to change their approach. Vishing attempts to obtain your personal information (bank, eBay, or PayPal account details, for example) either by getting you to call the attacker or by the attacker calling you while posing as one of those businesses. The attacker does this either by sending an official-looking e-mail that contains a phone number instead of a web link, or by "spoofing" caller ID and calling you directly. When the attacker initiates the call, your caller ID displays the name and number of a legitimate business.
What It Means to You
As businesses, and even home users, move to take advantage of low-cost VoIP technology, they may unwittingly become attractive targets for would-be attackers. VoIP implementations are an easier target because the attacker does not have to "cross over" into the analog phone line world to initiate the attack. If a potential attacker determines that a VoIP implementation exists, they can initiate a SIP-to-SIP attack rather than having to use a PSTN converter or an Internet Telephony Service Provider (ITSP). This does not mean non-VoIP implementations are safe, since many free ITSP services exist and a converter is relatively cheap; it simply removes one step for the attacker. Institutions that run VoIP and PSTN side by side in a hybrid environment are particularly attractive, since all the necessary equipment and functionality is present in one location.
What You Can Do to Protect Yourself
As with phishing, this attack exploits the victim's willingness to believe what is presented to them, whether in an e-mail or, in the case of a phone call, by caller ID. Your bank will not e-mail you and ask you to log into its website; should this ever happen, do not use the link or phone number in the e-mail. Instead, type the URL into your web browser by hand and look up the phone number yourself. It is also important for system administrators to be aware of their VoIP implementations and to pay particular attention to the traffic received by and generated from their networks. Regularly logging and auditing traffic to and from your enterprise is becoming increasingly important. In many cases this can only be done adequately with an Enterprise Security Manager, such as ArcSight or NetIQ, to assist in evaluating events on your network.
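As an added illustration of the auditing described above (example code, not part of the original article or any Sword & Shield tooling), the following script reviews SIP INVITE messages from a constructed trace and flags calls whose caller-ID display name claims a known institution while the From URI does not come from that institution's expected SIP domain. The institution names, domains and sample messages are all assumptions made up for the example.

```python
import re
from typing import Optional

# Assumed list of institutions whose name an attacker might present in the
# caller ID, mapped to the SIP domains they legitimately call from.
# In practice this comes from the organization's own trunk/contact records.
TRUSTED_CALLER_DOMAINS = {
    "example bank": {"sip.examplebank.example"},
    "paypal": {"voice.paypal.example"},
}

# From header: optional quoted or bare display name, then <sip:user@host...>
FROM_RE = re.compile(
    r'^From:\s*(?:"(?P<qname>[^"]*)"|(?P<bname>[^<\r\n]*?))\s*'
    r'<sip:(?P<user>[^@>]+)@(?P<host>[^>;:]+)', re.I | re.M)
# Topmost Via header: the hop the request actually arrived from.
VIA_RE = re.compile(r'^Via:\s*SIP/2\.0/\w+\s+(?P<ip>[0-9.]+)', re.I | re.M)

def parse_invite(msg: str) -> Optional[dict]:
    """Extract display name, From URI host and top Via IP from an INVITE."""
    if not msg.startswith("INVITE "):
        return None  # only call setup requests carry the presented caller ID
    m = FROM_RE.search(msg)
    if not m:
        return None
    v = VIA_RE.search(msg)
    name = m.group("qname") if m.group("qname") is not None else m.group("bname")
    return {"name": name.strip(), "user": m.group("user"),
            "host": m.group("host").lower(), "via_ip": v.group("ip") if v else None}

def classify_invite(msg: str) -> str:
    """Return 'suspicious' when the display name borrows a trusted institution's
    name but the From URI host is not one of that institution's domains."""
    info = parse_invite(msg)
    if info is None:
        return "ignored"
    shown = info["name"].lower()
    for institution, domains in TRUSTED_CALLER_DOMAINS.items():
        if institution in shown and info["host"] not in domains:
            return "suspicious"
    return "ok"

def audit_trace(messages) -> list:
    """Classify every message in a captured trace, preserving order."""
    return [classify_invite(m) for m in messages]
```

Constructed INVITEs are fed in via the test harness; in a real deployment the same check would run over the SIP traces exported from the PBX, session border controller or security manager.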
For more information on how Sword & Shield can help you protect your systems from this emerging threat contact: Josh Lohmann, jlohmann@sses.net or 1-865-777-5500 x520.