The Truth About Telecommunication Security Issues


The Truth About Telecommunication Security Issues and Telecom PBX Hacking

Telecommunications fraud, also known as phone hacking, is a multi-billion dollar threat that bottom line, businesses simply cannot afford. Companies continue to find themselves in extremely costly situations of telecommunications security fraud quite frequently and often choose to keep things hidden to avoid negative press regarding security, unfortunately leading to a lack of awareness surrounding the topic. This lack of awareness has created a vicious circle of vulnerability, leading to lawsuits with phone providers and internal conflict between the already overworked IT and financial departments — considering network security is routinely the IT department’s responsibility, when it comes down to it the ultimate blame tends to fall on them.

So why is this happening? The reason so many businesses are falling victim to telecommunications security fraud is they either are unable to produce the evidence or data required to prove the said charges are fraudulent or, in the case of larger budgets, the charges go unnoticed altogether. What’s even more concerning than this is that cyber fraudsters are constantly working to develop new and creative ways to tap money from well-known, established businesses of all shapes and sizes.

Types of Telecommunication Fraud

There are two very specific types of hacking in the telecommunications world: user authentication hacking and SIP toll fraud hacking.

User Authentication Hacking

With user authentication hacking, hackers can gain full access to a PBX when they discover vulnerability via network firewalls and enter through video edge devices.  This process is often accomplished via SIP trunking through VoIP PBX or through a direct gateway. And once the hacker has access to a PBX or VoIP system the can initiate calls, change call routing plans, etc. These hackers often lower the changes of detection by planning their attacks at off-times, such as earlier in the morning or over the weekend. Once they have the access, they will place an obscene amount of long-distance calls and then vanish, leaving the end-users with a very high bill.

SIP Toll Fraud Hacking

This particular type of hacking should by far be a more visible concern for IT teams, however, as mentioned previously, in efforts to avoid any negative press, businesses that are falling victim to telecommunications security fraud quite frequently and often choose to keep things hidden, creating a lack of awareness on the topic.

Because of the flexibility of the SIP, MS-SIP and other proprietary protocols used in the initiation of audio and video calls, the SIP Toll Fraud can occur over PBX or VoIP via edge devices. Given these protocols, it allows for video and audio calls to be initiated from a remote video/phone system via poor video edge device dial plans and security settings. So then hackers specifically target these edge devices and the internal connectivity to the phone systems. Hackers can “spoof” a registration as an internal endpoint to initiate an outbound phone call from the targeted video/audio network, then they can issue a series of dial attempts, hoping the find a way into your PBX via your dial plan.

One crucial thing to note, if your business has a long-standing or well known DNS record, they will be a target to hackers.

How to Take Action Against Telecommunication Security Threats

Partnering with an MSP can make the world of difference. Vision96, for example, is a managed services provider that helps businesses like yours take a stand against telecommunication security threats by protecting your company’s network, and brand. Yes, network security is primarily the responsibility of each IT team, however, it doesn’t end there. For telecommunication security issues to be prevented and dealt with, you need to protect your network and when you partner with the experts, you will be arming your business.

IT Security Services

We offer scalable network support for small and mid-sized businesses. Managed services means discovering and fixing problems before they can negativity affect your business. To learn more, contact us today.