With a dominant share of attention being justifiably devoted to cybersecurity by enterprises, voice security is often given too little attention. Technologies and techniques to enable voice fraud and threats are increasingly sophisticated, damaging both businesses, their reputations and in some cases their customers. What’s needed is a renewed focus on voice vulnerabilities to protect against threats and reinforce user trust in voice.
The threat is substantial but so far little is being done to address voice threats. A recent study from research firm Metrigy uncovered that while more than 90% of IT leaders think voice security is important, fewer than 50% have implemented any sort of strategy to address. Perhaps of greater concern is that just 21% of organisations have adopted a full voice security strategy.
Voice threats include brute force attacks that use auto-diallers for robocalling to create Telephony Denial of Service (TDoS) attacks. Another example is toll-free traffic pumping in which fake traffic is generated to an enterprise’s toll-free numbers forcing them to pay for fraudulent traffic. Hacking into VoIP systems to commit premium toll rate fraud or to impersonate remote agents to steal data is also widely seen. Finally, frauds that involve high volumes of nuisance calls being placed to disrupt normal operations by consuming enterprise UC or contact centre resources are proliferating.
These four examples are only some of the methods criminals are utilising to commit fraud or steal customer data and voice threats affect all enterprises that use an IP-PBX, IP-based unified communications and collaboration services, or that have an IP-based contact centre.
The good news is the pushback has already begun with the availability of tools and techniques to combat threats across multiple dimensions. A three-step process is key to identify and prevent voice threats before they cause business disruption. These steps are pattern recognition and anomaly detection, reputation scoring, and policy enforcement.
The process of improving voice security starts with pattern recognition based on machine learning models. Using an enterprise’s network call data, it is possible to learn normal call traffic behaviour. With this as the baseline it is also possible to detect any anomalies that would indicate potentially malicious calls and to identify the bad actors behind them. Importantly, the process doesn’t stop here because this reputation data is fed into a threat intelligence database that makes is simpler and faster to identify repeat actions from bad actors. This feedback loop continually refines accuracy.
The second step, reputation scoring, uses the threat intelligence database plus content from numerous third party and national data sources to create an even larger data set that is used to create and assign reputation score (a numerical value) to indicate the likelihood that a given call is malicious or illegitimate. Reputation scoring utilises pattern recognition, based on machine learning models, to perform this assessment
The third step is policy enforcement. First an enterprise will define policies on how they want a given call to be handled during the call establishment phase, based on an assigned range of reputation scores. Once a given call has an assigned reputation score, it is possible in real-time to match it up with enterprise’s defined policies and then invoke the proper call handling procedure. For example, a given call that is deemed as malicious or illegitimate can be blocked, routed to a voice mail system, routed to an announcement server, or any number of other options.
The policy enforcement step is how to mitigate voice-based attacks before they disrupt legitimate voice calls or harm the business. Session border controllers (SBCs) are the primary tool used for enforcement because they protect against a wide range of theft of service and fraud crimes. In addition, they help mitigate bandwidth issues caused by denial of service or traffic flooding attacks by isolating the offending traffic and preventing it from reaching the VoIP network.
“The threat of fraud or data theft is well-known in cybersecurity but far too little attention has been paid to voice threats and fraud,” said Dan Teichman, Solutions Marketing at Ribbon. “That’s why we’ve developed Ribbon’s Voice Threat Prevention solution that encompasses pattern recognition, reputation scoring and policy enforcement.In addition, the enterprise customer has dashboard and reporting access to see the threats they face and understand how their solution is succeeding. It’s time for enterprises to take voice threats seriously and fight back against the fraudsters.”
