By now most everyone has seen all the press surrounding security issues with Cisco UC/VoIP phones. I need to post some links and comment on this issue. For now, Cisco has released a security advisory for the issue that you can see here:
Here is some information on a number of toll fraud attacks against small business in New York. There are indications that the attacks were perpetrated by Al Qaeda. New York Senator Charles Schumer held a press conference to highlight issues. One attack against a small business owner resulted in some 9,000 calls costing $150,000.
We all know that this sort of thing happens all the time, to large enterprises and small businesses, who don't have the expertise to secure their systems and deploy them in out-of-the-box configurations.
Perhaps it is good that a New York Senator is paying attention. There are affordable, easy to deploy solutions (see www.securelogix.com) to these issues, but all too many enterprises and businesses don't deploy them.
See the comment about the service providers protecting businesses from these practices, like banks protect consumers from credit card fraud. Good luck with that.
By the way, the article shows a Cisco phone - there is no information that shows the attacks were against Cisco systems. Toll fraud can occur on any UC system (Cisco does have very good countermeasures, but the user has to use them).
Here are a couple of links to the FBI IC3 page and an article in Newsweek about some recent forms of TDoS attacks. TDoS attacks are being used as cover and also for "coersion" - hammering a consumer or enterprise user with harassing or threatening calls. Some of the attacks are also affecting emergency services: