SBCs – the soft underbelly of IT security

Making big fast changes is fraught with risks. 

Consider the recent spate of ransomware attacks targeting hybrid workplace IT systems deployed during the pandemic. In the race to keep at-home workers connected, many organizations unintentionally poked holes in their security screens. Hackers don’t need to be asked twice. 

VoIP security – hello?
While organizations busy themselves with IT security’s ‘big ticket’ items – such as devices, apps, networks, infrastructure, and data – VoIP technology doesn’t get the same sort of attention. And yet VoIP technology supporting voice calling is popularly exploited by hackers, mainly for the money. The Communications Fraud Control Association puts the cost of toll fraud at $38 billion.

But that’s not all. VoIP platforms also present hackers with a softer target to disrupt, using DoS and Distributed Denial of Service (DDoS), and unleash sideways creeping malware to orchestrate ransomware attacks.

How is this possible when VoIP systems are now firmly entrenched in the IT network?
Unlike traditional software applications running on IT networks, which benefit from routinely updated security systems, such as firewalls and AV software, VoIP platforms rely on Session Border Controllers (SBCs) – specialist technology often unfamiliar to IT managers. Consequently, the job of managing SBCs and attendant updates, reporting and management, is often neglected, leaving the door open to hackers.

SBCs were originally conceived to protect and control VoIP networks, but these days now regulate all forms of real-time digital communications. And while they provide some protection, on their own they are no match for today’s more sophisticated cyber-attacks.

Understanding the fallibilities of poorly attended SBCs requires a closer look at Session Initiation Protocol, or SIP – signals that initiate, maintain, and terminate voice, video, and messaging applications. Every SIP session is tagged with the IP address of the point of origin and destination. Hackers can use this information to penetrate neglected SBCs to launch their attacks.

All going well, an SBC encrypts the internal components of SIP messages to stifle would-be network hackers. SBCs can also be configured to block traffic from blacklists and reject malicious looking SIP messages. But only when they’re actively managed, updated, and tuned to provide real-time threat updates. 

Coming ready or not
Hackers are busy targeting SBCs. Since March 2020 UC systems under the watchful eye of Virsae’s AI diagnostics platform Virsae Service Management (VSM) have recorded over one billion spurious attempts to gain access to networks.

The two principal methods of hacking SBCs are either SIP registration requests or invitation messages. While SBC logs can identify suspicious activity, such as IP addresses from doubtful locations, and DoS and DDoS attacks, SBC logs vary across vendors. The threat intelligence you get is limited to what you’re given.

Then there’s the challenge of sifting over-sized log files to identify suspicious activity and compromises. And while raw historical data contained in log files tell the story,  on their own they’re not enough to put IT security teams on the front foot. 

Virsae Security Manager’s real-time threat awareness is designed to help IT managers turn the tables on attackers, putting a window to attacks weathered by SBCs to pinpoint network vulnerabilities and inform critical changes.

In the same way modern CCTV intruder detection systems can activate alarms to instantly alert homeowners when an unknown individual is on the property, VSM Security Manager watches and flags suspicious activity, keeping UC managers in the picture and one step ahead of the bad guys.

Drawing on VSM configuration, capacity, release, and availability data attached to essential SBC resources, Security Manager shows threats in real time, identifying trusted and untrusted networks, and flagging SBC rules that are being tested by threatening behaviour.

Learn more about VSM Security Manager and get ready to:

  • Proactively identify potential SBC issues and prevent outages

  • Provide a real-time view of overall system health, without having to rely on end users to report problems

  • Reduce Mean Time to Repair (MTTR) for service-impacting incidents

Latest Virsae Blog