Hacking is often associated with computers being remotely accessed for information and data due to a flaw in the system and vulnerability caused by the Internet. This leads to leaked information and documents impacting customers privacy and sensitive information, along with the impacted company’s reputation and security. However, hacking can also occur with VoIP systems, as many companies communicate via calls and the system is also linked to the Internet.
Recently, Cisco discovered a bug that impacted phones by allowing hackers to access and even make calls to gain information. They have created an update to resolve the threat, which will be available in August. The Cisco phones that were targeted were 6800, 7800, and 8800 systems.
The strategy for attackers is to attack the phone systems during times when the office is vacant for a longer time period, which includes weekends and holidays, as it takes longer to notice and act. In this period, they will try to increase a company’s phone bill by making outgoing or long-distance calls. There are also other forms of threats beyond a costly phone bill.
a. Eavesdropping is a major risk, creating an opportunity for hackers to listen in on calls and gather classified data and knowledge. These calls may include sensitive information pertaining to clients or the company itself.
b. Voicemail hacking is another threat, as important messages can be accessed and used for malicious purposes such as blackmail.
c. Softphone hacking allows attackers to replicate a company’s account by discovering the authentication details. From this, the hackers can listen in on conversations or take a more active approach and make phone calls impersonating the company.
d. Denial of service aims to prevent actions from a company, such as intervening and blocking outgoing calls.
e. Toll fraud refers to hackers using a company’s phone systems to complete long distance calls with toll charges, producing an expensive phone bill for the company to pay.
Therefore, it is important to be mindful of these threats, and have security precautions in place to deal with situations like these. By being aware of the tactics used by hackers, a company can better understand how to avoid or even protect sensitive information.