IBM issues warning over attacks targeting VoIP


IBM has issued a warning about an increase in attacks targeting the Session Initiation Protocol (SIP) used in Voice over Internet Protocol (VoIP) communications.

The company said that according to its Managed Security Services data, SIP is the most targeted protocol, attracting 51.47 per cent of attacks in the last 12 months. The most “security events” occurred in the second half of 2016.

IBM said that because SIP is one of the most commonly used application layer protocols, it is not surprising that it has become the most targeted.

The second most targeted protocol has been Cisco’s proprietary Skinny Client Control Protocol (SCCP), which accounted for 48.39 per cent of attacks during 2016.

IBM explained that “SCCP is a lightweight, IP-based protocol used for communication between Cisco Unified Communications Manager and Cisco VoIP phones”. However, attacks targeting the SCCP protocol have been falling over the past 12 months.

There were various types of disruption involved in VoIP attacks, according to IBM. Rises in the number of attacks in July and September were largely the result of “specially crafted SIP messages that were terminated incorrectly”.

It is known that persistent, invalid messages can cause vulnerable servers and equipment to fail. According to IBM, an increase in attacks in October 2016 was significantly influenced by SIP messages with invalid characters in the SIP ‘To’ field. IBM said these attacks could be reflective of suspicious activity, which would then require investigation.
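A defender can screen for the two anomalies described above (incorrect message termination and invalid characters in the ‘To’ field) before traffic reaches a SIP server. The following Python check is an added example, not IBM's detection logic: the function name, the finding labels, the sample messages and the definition of "invalid characters" (control bytes and DEL) are assumptions, and it treats each input as one SIP message per datagram.

```python
import re

# Assumed policy: control bytes other than HTAB, plus DEL, never belong in a To value.
BAD_TO_BYTES = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")
# A CR not followed by LF, or an LF not preceded by CR.
BARE_CR_OR_LF = re.compile(rb"\r(?!\n)|(?<!\r)\n")

def check_sip_message(raw: bytes) -> list[str]:
    """Return anomaly labels for one SIP message; an empty list means none found."""
    findings = []
    # The header section must end with an empty line, i.e. CRLF CRLF.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        findings.append("headers-not-terminated")
    if BARE_CR_OR_LF.search(head):
        findings.append("bare-cr-or-lf")
    # Unfold continuation lines, then index headers by lower-cased name.
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head)
    headers = {}
    for line in unfolded.split(b"\r\n")[1:]:      # element 0 is the start line
        name, colon, value = line.partition(b":")
        if colon:
            headers.setdefault(name.strip().lower(), value.strip(b" \t"))
    to = headers.get(b"to", headers.get(b"t"))    # "t" is the compact form of To
    if to is not None and BAD_TO_BYTES.search(to):
        findings.append("to-invalid-chars")
    cl = headers.get(b"content-length", headers.get(b"l"))
    # A non-numeric length, or a body shorter than declared, is malformed.
    if cl is not None and (not cl.isdigit() or len(body) < int(cl)):
        findings.append("content-length-bad")
    return findings

def _msg(to: bytes, end: bytes = b"\r\n\r\n") -> bytes:
    """Build a constructed sample message (not captured traffic)."""
    lines = [b"OPTIONS sip:bob@example.com SIP/2.0", b"To: " + to, b"Content-Length: 0"]
    return b"\r\n".join(lines) + end

GOOD = _msg(b"Bob <sip:bob@example.com>")
BAD_END = _msg(b"Bob <sip:bob@example.com>", end=b"\r\n")   # missing empty line
BAD_TO = _msg(b"Bob <sip:bob\x00\x01@example.com>")         # control bytes in To

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("bad end", BAD_END), ("bad To", BAD_TO)]:
        print(label, check_sip_message(sample))
```

Findings from a check like this are a starting point for investigation rather than proof of an attack, since misconfigured or buggy endpoints can produce the same malformed messages.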

The H225 protocol, which is part of the H.323 protocol suite, accounted for just 0.14 per cent of attacks.

IBM pointed out that because VoIP routes calls through the same paths used by network and internet traffic, it is subject to the same sorts of threats used by criminals exploiting these networks.

This means that VoIP calls can be intercepted, captured or modified and that VoIP can be subjected to attacks aimed at degrading or eliminating service.