March 09, 2011, 8:36 PM — A spike in attacks against IP PBXs that started last fall shows no signs of abating, spawning speculation that those responsible have tapped into botnets and cloud computing resources to carry out their illegal activities.
Regulation: VoIP and compliance regulations make strange and difficult bedfellows
According to separate security reports from Cisco and Sipera's Viper Lab research arm, the exploits are carried out using techniques that lend themselves to the interpretation that the attackers are tapping into broad resources that make their work more effective.
The criminals are using brute force attacks to crack passwords, indicating they may be bringing cheap, easily available cloud computing power to bear, says Adam Boone, Sipera's vice president of marketing and product management. The scale of attacks at any given moment indicates that botnets might be in play, but there is no hard evidence that either they or cloud resources are involved, he says.
The most common exploit against compromised PBXs is toll fraud - using someone else's phone system to make long-distance calls. The second is forcing the PBX to call premium numbers controlled by the attackers that charge by the minute. Businesses whose PBXs have been attacked are billed. "In both types of fraud, enterprises are frequently unable to dispute the charges because they are unable to provide evidence that the charges are in error," the Sipera Viper Labs report says.
Cisco also noted the prevalence of vishing - telephone-based phishing - where callers pretend to be from banks, the government or other institutions and seek to get victims to relinquish valuable personal data such as Social Security and credit card numbers.
Cisco's report, which is about IT security in general, says, "VoIP abuse has been on the upswing and appears poised for further growth." A graph categorizing different classes of attack puts VoIP among those with potential but near to the group Cisco calls "rising stars" that includes Web exploits, money laundering and data theft Trojans.
