Wednesday 17 April 2013

The latest wave of Denial of Service attacks


Hackers have been able to weasel their way into computer networks from nearly every direction. From malware to ransomware, and everything in between, cyber crooks are always looking for new ways to steal information and disrupt business-as-usual for monetary gains. While most companies understand the importance of securing their corporate networks, there is one area that is often overlooked, but is becoming an easy target: VoIP systems. VoIP systems are dynamic, complex, and oftentimes require different tools than what a legacy firewall can provide, making the issue of telephony security a challenging one. Companies need to ensure that lines of communication are open and working well, so many are reluctant to put too many layers of defense on top of their telephony solution.

Unfortunately, hackers have become aware of this likely gap in defense, and have started to take advantage of it. A new class of attack targeting call centers, called telephony denial of service (or TDoS), has started appearing by the dozens. Like other denial of service (DoS) attacks, TDoS attacks seek to clog lines and interrupt regular business with a flood of false traffic. In the case of TDoS attacks, the attacker floods telephone (VoIP or traditional) lines at a call center with repeated calls from spoofed numbers, clogging lines for up to several hours and inhibiting real users from connecting. The goal of these attacks may differ. In some cases, they could be the work of activists or pranksters just trying to cause trouble.


In other cases, attackers try to monetize the attack by first extorting the victim. In a recent case, attackers posed as collections agents and dialed a call center, demanding payment of thousands of dollars for a false debt when someone answered. When the victim refused to pay and hung up, the TDoS attacks started. Compared with large-bandwidth DDoS attacks, TDoS attacks don't take many computing resources or much technical know-how. It is fairly easy to clog a phone line by simply calling it over and over again. Attackers employ VoIP automation scripts to dial the victim's phone number, hang up, and then redial repeatedly, overwhelming the line and making it impossible for other calls to come through. And because the attackers are able to use spoofed numbers, it is difficult for the victim to differentiate between a TDoS call and a real call.


In the most recent TDoS attacks, the targets were emergency services, such as ambulance or air ambulance services. For organizations like these, it is critical that phone lines remain open and available to ensure prompt response to emergency situations. This is where the major concern lies in these types of phone system attacks.
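Because the caller IDs in the dial, hang up, redial pattern described above are spoofed, a defender has to look at the rate of short calls per dialed line rather than at individual callers. The following sketch is an added example, not part of the original article; the call-record field layout, the thresholds and all phone numbers are assumptions constructed for illustration.

```python
from collections import deque

# Constructed call detail records (assumed layout):
# (epoch_seconds, caller_id, dialed_number, duration_seconds)
def sample_cdrs():
    # 40 three-second calls, 2 s apart, each from a different (spoofed) caller ID.
    flood = [(1000 + 2 * i, f"+1555{i:07d}", "+15550100", 3) for i in range(40)]
    normal = [(1005, "+15557770001", "+15550100", 240),
              (1030, "+15557770002", "+15550199", 180),
              (1062, "+15557770003", "+15550199", 95)]
    return sorted(flood + normal)

def detect_tdos(cdrs, window=60, max_short_calls=20, short_call=10):
    """Flag dialed numbers that receive more than max_short_calls calls of at
    most short_call seconds within a sliding window of `window` seconds.

    Counting is keyed on the dialed line, never on caller ID, because the
    caller ID cannot be trusted. The number of distinct caller IDs is reported
    only to show why a per-caller blocklist would not have stopped the flood.
    """
    recent = {}  # dialed_number -> deque of (timestamp, caller_id)
    alerts = {}  # dialed_number -> details of the first alert
    for ts, caller, dialed, duration in sorted(cdrs):
        if duration > short_call:
            continue  # a real conversation, not the hang-up-and-redial pattern
        q = recent.setdefault(dialed, deque())
        q.append((ts, caller))
        while q and q[0][0] <= ts - window:
            q.popleft()  # drop calls that have left the sliding window
        if len(q) > max_short_calls and dialed not in alerts:
            alerts[dialed] = {"at": ts,
                              "short_calls": len(q),
                              "distinct_callers": len({c for _, c in q})}
    return alerts

if __name__ == "__main__":
    for number, info in detect_tdos(sample_cdrs()).items():
        print(number, info)
```

Thresholds like these need tuning against a line's normal call volume, since a busy call center legitimately receives many short calls.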


Employees admit to accessing or stealing private company information


      
   In a survey of 1,000 employers by LogRhythm, 80 percent do not believe any of their workers would view or steal confidential information, while three quarters (75 percent) admitted to having no enforceable systems in place to prevent unauthorised access to company data by employees. Interestingly, a third of those employers believe that they do not need such systems at all. In addition, around two thirds of companies surveyed (60 percent) do not regularly change passwords to stop ex-employees being able to access sites or documents. However, in a corresponding survey of 2,000 employees, 23 percent admitted to having accessed or taken confidential data from their workplace, with one in ten stating that they do it regularly. The most accessed confidential data related to details of colleague salaries (38 percent) and details of colleague bonus schemes (23 percent). 94 percent of those who had accessed confidential information or stolen company data had never been caught.

“There is a clear gap between businesses’ internal security procedures and the harsh reality of employee behaviour,” said Ross Brewer, vice president and managing director for international markets at LogRhythm. “In an era where data breaches are considered inevitable, and with the government urging for greater consideration of cyber threats within businesses, the amount of employers who are doing nothing about unauthorised access across their networks – and the even higher number who don’t perceive any risk at all when it comes to employee data theft – is staggering.” “Even more worrying than the lack of systems in place to stop employees stealing data is that many organisations still have no idea what’s happening on their networks at all. With recent government proposals to increase the sharing of cyber threat intelligence among businesses, the first stage must be to ensure that more employers have the right level of visibility to track suspicious or abnormal behavior on their own networks – but this is clearly not happening,” continued Brewer.

When asked, more than a quarter (27 percent) of employers could not identify the biggest threats to their confidential data, while 14 percent did not even know whether employees have stolen data – even though they believe employees would do so. “It’s one thing to place too much trust in your employees and consequently neglect to enforce any systems monitoring unauthorized access and stealing of data. However, the fact that 14 percent of employers think their employees would steal data, and yet have no idea whether or not this has actually happened to them, is simply unacceptable. One of the main reasons why the ‘era of the data breach’ is now hitting hard and fast is that organizations just don’t have the level of visibility into their IT networks needed to secure their ever growing infrastructures. Employers therefore need to ensure they are proactively monitoring every single activity that occurs across their entire IT estate – both from the inside and the outside – rather than placing too much trust in reactive perimeter defenses or security strategies focused on securing particular areas of the IT estate, which don’t give organisations any insight into anomalous network activity,” continued Brewer.

