Lead Image © Christos Georghiou, 123RF.com
Attacks on telephone systems
Overcharged
Phreaking, the unauthorized access to phone systems, has been a lucrative business for cybercriminals for many years. According to estimates by the Communications Fraud Control Association (CFCA), it causes annual losses of around $4.4 billion.
Attackers typically follow the same method: They automate the search for companies that operate their own telephone systems with an integrated voicemail function. Then, they rely on port scans, simple brute force attacks, or sophisticated social engineering techniques to penetrate the systems. If they discover an integrated mailbox, they use unmodified or easily guessed standard PINs to compromise a vulnerable system. Via the answering machine, the attacker can then access the phone system and make various changes.
In general, this approach is used to perform calls to previously created premium numbers that are only available for a limited time. Some providers have proactive anomaly detection in place and can use this to determine an above-average number of calls or connections to unusual destinations. They usually inform their customers within 48 hours after particularly high volume of connections. However, as an administrator, you can watch for the following signs:
- Numerous calls to international numbers from just one extension.
- Numerous calls outside business hours to countries with which the company has no business relations.
- Numerous short calls to a chargeable number.
Effective Protective Measures
You can improve security through strong passwords: Change them regularly and revise your password policies. During commissioning, change all default passwords (PINs) of the telephone system and its extensions. Use call barring to restrict outgoing calls to normal business hours. Require passwords for long distance calls or calls to premium numbers. In addition, the responsibilities and administrative
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Targeted attacks on companies
Watering hole and spear phishing targeted attacks offer the greatest rewards to cybercriminals. Here's how to protect your company from these types of attacks. - Fileless Phishing Attack Infects Windows Systems
-
Stopping Side Channel Attacks
Sometimes error messages or log entries are too verbose for their own good, disclosing valuable information to attackers.
-
Security analysis with Microsoft Advanced Threat Analytics
Classic security safeguards, like antivirus and firewall products, are imperative for system protection. To search proactively for network intruders, as well, Microsoft offers Advanced Threat Analytics – a tool that will help even less experienced admins. -
Reducing the Attack Surface in Windows
The sum total of all possible points of attack can be defined as the attack surface, and you need to take every opportunity to minimize it to the extent possible. Windows has built-in rules that minimize the attack surface; they simply need to be enabled.