Check out the following article. It states that over 200,000 voice phishing/vishing calls into Korea, from other countries, were blocked in January and February. Some additional statistics are given as well that break the calls down by type, bank, etc. Most of them are imitating Korean banks. Unfortunately, there isn't any information about how these calls are blocked, but presumably it is done by Korean service providers.
It seems like US-based service providers could do the same thing - block international calls claiming to be US-based financial institutions. This isn't trivial though: you need technology at the right location in your network, and managing blacklists of numbers takes a ton of work (I know, we do it too).
We just released our 4th annual Voice and Unified Communications: State of Voice Security Report. In this report, we cover the voice and UC issues affecting enterprise customers. We cover the threats and attacks, and also provide sanitized data and examples from some 200 assessments and managed service engagements with our enterprise customers. The primary threats we cover include:
Telephony Denial of Service
Financial fraud and Social Engineering
Service Theft, Toll Fraud and Call Pumping
Harassing and Threatening Calls
Robocalls, Voice SPAM, Voice Phishing/Vishing, and Scams
We also briefly cover evolving threats, such as SIP security and other issues with Unified Communications.
Here is a press release covering the report, as well as the keynote presentation I did at Enterprise Connect.
SecureLogix put out a press release for my new book, Hacking Exposed: UC and VoIP. The press release includes a video summarizing the book. I posted a link to the video a few weeks ago, but it is here as well.
Here is an interesting report on a variety of fraud issues. One thing that struck me is that voice has become the preferred channel for fraud. Voice SPAM, scams, vishing, social engineering into contact centers, etc. Voice used to be the most trusted communications medium, but now it has become the LEAST trusted. Public voice has a ton of issues - is it any wonder that users are moving to closed systems for voice and messaging???
The M3AAWG Special Interest Group (SIG) on voice fraud and security issues has published their agenda. This SIG will be held February 20-21. I will be on the panel discussing current solutions, with a focus on Telephony Denial of Service (TDoS). I hope to see some of you there:
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is holding a special interest group in their annual conference in San Francisco, February 17-21, to focus on issues unique to voice. This includes Telephony Denial of Service (TDoS), robocalls, voice SPAM, voice phishing, etc. I will attend and be on the solutions panel. Here is a link to an article discussing the special interest group.
Here is a bulletin from the FBI warning about toll free, 1-800 call pumping attacks. The basic idea (I cover this extensively in my Hacking Exposed: UC and VoIP book) is that the attacker, usually an unscrupulous service provider, generates many (perhaps millions of) calls into 1-800 numbers. They profit because they receive a piece of the 1-800 revenue, which is paid by the owner of the 1-800 number. See the bulletin below:
There are two types of attacks. One will "spray" many numbers with very short calls, in order to get a piece of the connect time revenue. The other will generate long calls, usually to a smaller number of 1-800 numbers and IVRs, in order to get a piece of the connect and per-minute charges. The latter form may require some analysis of the target 1-800 IVR, and use of tailored audio which dwells in the IVR through use of menu-looping DTMF tones or other audio.
Either type can generate a TDoS condition, if the attacker generates too many calls or if the calls target a part of an IVR or enterprise with limited bandwidth. This is especially true for calls which dwell in the IVR, because they consume more resources.
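The two traffic patterns above can be told apart in call detail records. The following is an added example, not code from the original post or from any product: it labels each originating carrier as "spray" or "dwell" and reports peak concurrent calls per toll-free number, which is the IVR resource pressure behind the TDoS condition. The record fields, carrier labels, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class CDR:
    origin: str      # originating carrier/trunk label (hypothetical field)
    dialed: str      # toll-free number dialed
    start_s: int     # call start, seconds from the start of the window
    duration_s: int  # connect time in seconds

# Assumed thresholds; tune them against your own baseline traffic.
SPRAY = dict(min_calls=20, min_numbers=10, max_median_s=10)
DWELL = dict(min_calls=5, max_numbers=3, min_median_s=600)

def classify_origins(cdrs):
    """Label each origin 'spray' or 'dwell' when its traffic fits a pattern."""
    by_origin = defaultdict(list)
    for c in cdrs:
        by_origin[c.origin].append(c)
    findings = {}
    for origin, calls in by_origin.items():
        median = sorted(c.duration_s for c in calls)[len(calls) // 2]
        numbers = {c.dialed for c in calls}
        if (len(calls) >= SPRAY["min_calls"] and len(numbers) >= SPRAY["min_numbers"]
                and median <= SPRAY["max_median_s"]):
            findings[origin] = "spray"   # many numbers, very short calls
        elif (len(calls) >= DWELL["min_calls"] and len(numbers) <= DWELL["max_numbers"]
                and median >= DWELL["min_median_s"]):
            findings[origin] = "dwell"   # few numbers, long IVR-dwelling calls
    return findings

def peak_concurrency(cdrs):
    """Max simultaneous calls per dialed number (IVR port pressure)."""
    events = defaultdict(list)
    for c in cdrs:
        events[c.dialed] += [(c.start_s, 1), (c.start_s + c.duration_s, -1)]
    peaks = {}
    for number, evs in events.items():
        live = peak = 0
        for _, delta in sorted(evs):  # at equal times, hang-ups (-1) sort first
            live += delta
            peak = max(peak, live)
        peaks[number] = peak
    return peaks

# Constructed sample CDRs (fictional 555-01xx numbers, made-up carrier labels).
SAMPLE = (
    [CDR("carrier-A", f"80055501{i:02d}", i * 2, 6) for i in range(30)]
    + [CDR("carrier-B", "8005550150", i * 30, 900) for i in range(8)]
    + [CDR("carrier-C", f"800555016{i % 2}", i * 300, 120 + i * 24) for i in range(6)]
)
```

On the sample, carrier-B's eight long calls all overlap on one number, which is why a dwell pattern exhausts IVR capacity with far fewer calls than a spray does.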
See the link below - Dancho Danchev, who has blogged extensively about Telephony Denial of Service (TDoS), lists this issue as the #2 cybercrime trend for 2013. I agree and we are likely to see it grow in 2014.
The Hacking Exposed: Unified Communications and VoIP book is finally done!!! The new revision is a great improvement and covers the primary issues that are affecting enterprise Unified Communications (UC) and VoIP networks.
The writing has actually been done for a few weeks and the book will be printed, bound, and available around the end of the month. You can get it off of Amazon at:
In my Hacking Exposed: UC and VoIP book, I described a process for using Asterisk and a call generator along with SIP-based access to the voice network to launch TDoS attacks. This process is pretty easy to do, but not yet at the "script kiddie" level. It is certainly effective, but takes a little know-how.
The tool that Dancho describes is apparently much more turnkey. It is ready to go and appears to have preconfigured means to send calls into the network (Skype, vulnerable SIP servers, etc.), so it could pretty much be used by anyone. The tool also comes preconfigured with cellular access so it is more anonymous (although you can also easily get public wifi access on just about any street corner). The tool is also multi-threaded, which I assume means it can generate more concurrent calls through multiple origination points.
Many of the recent TDoS attacks are targeting a very small number of critical phone numbers, or even a single one, such as a hospital emergency room or ICU. Many of these attacks use cheap manual labor to generate the calls. The tool described above could easily be used for this same purpose, enabling many simultaneous attacks against many targets. If it can generate 100 concurrent calls, it could be used to attack up to 100 targets at a time. That is a much better model than hiring 100 people to be on the phone.
A sheriff's office was affected by a Telephony Denial of Service (TDoS) attack that forced them to voluntarily take their primary number out of service. For more information, see the article below. If I get more details I will post them.