Over the last couple of years the occurrence of telephone system hacking has seen a massive increase; the reason for this is simple… Attacking business telephone systems is a high profit low risk activity.
A hacker will normally link together several unprotected telephone systems making tracing the calls almost impossible. They generate profit by dialling premium rated telephone numbers; these are usually of the international variety. The profits they can make from these attacks are alarming and have the potential to bankrupt the target.
Just consider if one phone line can generate a £5.00 per minute call charge, now let’s assume that the attack starts at 5.01pm on a Friday and goes undetected until 9.01am on a Monday morning, that’s 3840 minutes at £5.00 per minute, totalling a charge of £19,200. Now if your system can generate 10 outbound calls that figure could increase to £192,000.
Luckily by following the guidelines below, you can seriously reduce your exposure to this type of attack…
Telephone System Passwords
- Do not use a default corporate password
- Do not use a user extension number as a password
- Do not use simple number password combinations (000000)
- Do not use simple number password patterns (123456)
- Do remove all manufacture default passwords
- Do remove all unassigned voicemail boxes
- Do programme your voicemail system to require minimum passwords of 6 characters, the more complex the password the more difficult it will be to guess.
- If possible programme your voice mail system to force users to change their password every 90 days.
- Passwords should not be posted or distributed
- Passwords should be changed on a regular basis
- Passwords should be changed from default passwords
Telephone System Security
- External call forwarding should be restricted
- Call barring levels should be assigned for long distance calls
- Calling access to known high toll fraud areas should be barred or restricted
- General access phones should all be limited to calling local numbers only
- Monitor systems with a call logger checking for long call durations, high call volume, calls to unusual locations, high traffic after business hours, and calls to international or 0990 numbers.
- Remove any unused voicemail boxes
- Only provide voicemail boxes to users who need them.
- Use emails to notify users they have voicemail messages
- Use call barring to restrict outbound access where possible
- Deny inbound calls via auto attendant to external numbers
- Restrict voicemail revert (0) dialling to pagers or mobiles
- Restrict voicemail remote notifications going to pagers or mobiles
- Restrict personal IVR’s (eg. dial 4 to transfer to my mobile)
If you would like to discuss the security of your current telephone systems and how we can help you to improve your protection against these attacks please get in touch with us today at email@example.com or call us on 0800 50 533 50.