Businesses could prevent a lot of these attacks by changing the port they use for Session Initiation Protocol (SIP) connections on their VoIP systems, by blocking connections after a certain number of failures, and by simply using better passwords on their voice systems, security experts say.
The problem is that for most small and medium-sized businesses, security is just not a priority. "People care way more about whether their conference calls are going to have decent phone quality," said Rodney Thayer, chief technology officer with VoIP security company Secorix.
They don't think about their VoIP systems as vulnerable to Internet attacks just like Web or e-mail servers, and that's a mistake, Thayer said. "They think about it as a different system, and it's not," he said. "It's all the same stuff; it's all data going over a network."