IT disaster recovery, cloud computing and information security news

The rise of SIP-based cyber attacks

Cyber attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing in 2016, accounting for over 51 percent of the Voice over Internet Protocol (VoIP) security event activity analysed in the last 12 months, according to a new report from IBM’s Security Intelligence group.

“SIP is one of the most commonly used application layer protocols in VoIP technology, so it’s not surprising that it’s the most targeted. In fact, we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second half of 2016,” states the IBM Security Intelligence group.

The second most targeted protocol, Cisco’s proprietary Skinny Client Control Protocol (SCCP), accounted for just over 48 percent of detected security events during the same time period. Unlike attacks targeting SIP, SCCP protocol attacks have declined slightly over the past year.

Angela German, director of marketing, VoipSec, commented:

“VoIP risks extend beyond spam and eavesdropping. These phones connect a large variety of devices, and cybercriminals can weaponize any Internet-connected corporate or consumer device. And increasingly, hackers are targeting these vulnerabilities to infiltrate and exploit these networks.

“This trend highlights the growing importance of ensuring appropriate security protocols for VoIP phones and networks. Unfortunately, still far too many companies (small and medium sized businesses, in particular) are either not fully aware of the financial risks or assume that the security available - traditionally the hardware-based Session Border Controller (SBC) - is too complex or costly.

“In fact, cloud based technology can provide companies with an essential first tier of voice security through simple download and install virtual SBC.  Moreover, software based SBCs, either on premise or in the cloud, can also explore community led intelligence about threats and risk experiences to rapidly disseminate new threat information and best practice.”

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.