March 09, 2011, 11:02 AM — In its recent annual security report, Cisco predicted VOIP abuse as a potential area for cyber crime growth.
"Criminals use brute-force techniques to hack private branch exchange (PBX) systems to place fraudulent, long-distance calls; usually international," the report states. "These incidents, often targeting small or midsize businesses, have resulted in significant financial losses for some companies."
Also see VoIP security: The basics on CSOonline.com
One of the most popular scams employed by VOIP-abusing criminals are vhishing schemes, which are telephone-based phishing ploys. The report points to one recent vhishing scam targeting the Federal Deposit Insurance Corporation. Vhishers called U.S. consumers on mobile and land-line phones to inform them they were delinquent in loan payments that had been applied for over the Internet or made through a payday lender. Criminals were able to collect personal information, such as Social Security numbers from victims, according to the report.
"What we've seen in the last couple of years is growing VOIP abuse around getting access to someone else system with baseline security hacks and then either using it for criminal purposes or selling it to other folks as long distance," said Patrick Peterson, Cisco fellow and chief security researcher."Some people have made money that way and some victims received huge telcom bills."
Peterson and Cisco technical manager Randy Birdsall explain why VoIP abuse has been on the upswing in recent years and appears poised for further growth.
It's widely deployed
According to market research firm In-Stat, almost 80 percent of businesses will use Voice over Internet Protocol by 2013. And VoIP is in most enterprises in some fashion by now, according to Peterson. Whether it's fully deployed or still being tested, it's now pervasive, and therefore a target for criminals.
"Anytime there is a free, anonymous resource, criminals flock to it because that combination of free and anonymity is too good to be true," said Peterson. "What we've seen is an extraordinary increase in the last few years in the number of cracking attempts, and port scans, and attempts to log in with default admin passwords on various VoIP access points."
As VOIP has gained popularity, it's now a worthwhile endeavor from criminals because there is a large pool of potential victims to pull from. Birdsall said the concern among organizations using VoIP has changed, too.