When it comes to information technology security, IT leaders and executive stakeholders usually look to all the main areas first. This includes putting a firewall up at the network level, ensuring individual applications all have their own built-in security measures and using the latest antivirus and anti-malware protections to guard against attack. Many organizations even go on the defensive with overall network and infrastructure monitoring in an effort to catch any suspicious activity before it leads to a cyber attack.
However, there's one area that many decision-makers overlook in terms of data protection and security: their UC system. From email to VoIP to live chat and file sharing, a considerable amount of sensitive data is transmitted, stored and shared through UC solutions. And while email may come with protections like encryption, this isn't the only platform that hackers look to pinpoint, attack and steal from.
"You think you're protected against malware, you're protected against email, you're protected against web server attacks. Well, have you thought about the [unified communications] side?" Mykola Konrad, UC industry expert, asked in SiliconANGLE.
A "wide-open window" for hackers
One of the biggest issues currently with UC security and overall data protection rests in the fact that many organizations are migrating their UC apps from on-premise networks to IP – voice, video and instant messaging, specifically, are often IP-based.
Because these platforms had not operated over IP previously, their use in this manner requires a new application to support IP functionality, creating a new area that companies must protect.
"Attacks against unified communications (UC) are some of the fastest growing and most misunderstood threats organizations face today," network and technology expert Kevin Riley told CSO. "UC is now a wide-open window in and out of the enterprise supporting voice, video and file transfer. So, it's not just a matter of protecting what gets onto the network, but what leaves the network as well."
Breaching the network to snoop sensitive data
Because so much sensitive data is transmitted via UC solutions, these platforms are highly attractive to hackers. After all, once they find a way to breach the network, cyber criminals can remain within the network, breach communications platforms and spy upon the sensitive information users are sending and receiving.
Even something as simple as contact information can be put to use within the dark web. Snooping information is a common activity leveraged by hackers, and this data can then be sold within underground marketplaces, or used to support more damaging attacks.
Consider this: A hacker breaches the company network and is able to view the business's directory and associated contact information. The attacker could then use these details to craft a legitimate-looking email to a company higher-up, encouraging them to open and download a malware-laden attachment, send a fraudulent wire transfer or carry out any number of other malicious activities.
Data exfiltration: Leveraging UC ports for theft
As Konrad told SiliconANGLE, the open nature of communications platforms enables their functionality – apps like voice, email and chat must be able to both send and receive transmissions in order to work correctly.
However, the open network connections that allow for unified communications can also be used to support data theft. This takes information snooping a step further – here, hackers don't just spy on data; they transmit it back to systems under their own control to be used for other attacks, or sold for fraudulent purposes. This style of attack often centers around sensitive details like customer information – names, addresses and payment data – but can also encompass any other data that cyber attackers can put to malicious use.
"The range of [user datagram protocol] ports to put media through is wide open," Konrad explained. "It has to be; otherwise it won't work. And so [hackers] can exfiltrate data through that."
Denial of service attacks
While information snooping and theft are always a worry for IT leaders and business executives, these aren't the only types of attack that can impact UC systems. Konrad pointed out that denial of service attacks rank among the top threats that UC security leaders should be aware of.
Denial of service attacks involve bombarding specific systems or the servers underpinning them with so much traffic that it prevents legitimate users from accessing and utilizing the system. These instances can have impacts on internal employee operations as well as relationships with customers and business partners, and are quickly becoming a rising concern in the current cybersecurity threat landscape. Earlier this year, developer platform GitHub was impacted by a DoS attack that included 1.35 terabits per second of traffic – the largest attack of this kind ever recorded, WIRED reported.
Understanding UC attacks: Guarding against infiltrations
As authors Nicholas Grant and Joseph W. Shaw II noted in their book, "Unified Communications Forensics," a typical attack on UC technology starts with attackers seeking to gain access to the network without alerting security systems or administrators to their unauthorized presence within the network.
From here, hackers will scan the network and its connected systems for unpatched weaknesses that they can then use as a springboard to enable attack. Once a vulnerability is identified and exploited, hackers have access to the network and UC solutions, and can carry out their malicious activities from there, exfiltrating data through open network ports if that is their purpose.
With the anatomy of a typical attack in mind, there are a few steps organizations can take to better safeguard their networks and UC solutions:
- Leverage activity monitoring, which can help identify any traffic or resource use that isn't part of regular activity. This could provide an early sign that an unauthorized user is attempting to breach the network, or is already working within certain systems. From here, the IT team can pinpoint and stop the activity if they discover that it isn't legitimate.
- Ensure that all updates and security patches are applied. When vendors release updates or patches, these should be implemented as soon as possible to ensure that there are no exploitable weaknesses available for hackers to leverage for attack.
- Include endpoint security to prevent individual devices being used as entry points to the network or its platforms.
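One way to apply the activity-monitoring step to the wide-open media port range Konrad describes, as an added example that is not part of the original article: it reviews outbound UDP flows in the media range and flags those going to peers that are not expected media endpoints, or that are heavily one-sided. The port range, peer list, ratio threshold and flow record layout are assumptions chosen for illustration, and the flow records are constructed.

```python
import csv
import io

# Assumed site values (not from the article): RTP media port range and the
# media relays / session border controllers that calls are expected to reach.
MEDIA_PORTS = range(16384, 32768)
KNOWN_MEDIA_PEERS = {"203.0.113.10", "203.0.113.11"}
MAX_OUT_IN_RATIO = 5.0  # two-way voice is roughly symmetric; tune per site

# Constructed sample flow records: src,dst,proto,dport,bytes_out,bytes_in
SAMPLE_FLOWS = """\
10.0.5.21,203.0.113.10,udp,16500,960000,948000
10.0.5.22,203.0.113.11,udp,20000,480000,1200
10.0.5.40,198.51.100.77,udp,17002,52000000,4000
10.0.5.40,198.51.100.77,tcp,443,8000,90000
10.0.5.23,203.0.113.10,udp,5060,3000,2800
"""

def review_media_flows(flow_csv):
    """Return (src, dst, dport, reasons) for suspicious media-range UDP flows."""
    findings = []
    for src, dst, proto, dport, out_b, in_b in csv.reader(io.StringIO(flow_csv)):
        dport, out_b, in_b = int(dport), int(out_b), int(in_b)
        if proto != "udp" or dport not in MEDIA_PORTS:
            continue  # only the wide-open media range is in scope here
        reasons = []
        if dst not in KNOWN_MEDIA_PEERS:
            reasons.append("unknown-media-peer")
        # max(in_b, 1) avoids division by zero on purely one-way flows
        if out_b / max(in_b, 1) > MAX_OUT_IN_RATIO:
            reasons.append("one-sided-outbound")
        if reasons:
            findings.append((src, dst, dport, reasons))
    return findings

if __name__ == "__main__":
    for finding in review_media_flows(SAMPLE_FLOWS):
        print(finding)
```

Both checks are heuristics: a muted or held call can also look one-sided, so findings are leads for the IT team to review rather than verdicts.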
It's imperative that IT leaders and executives include unified communications systems in their overall security considerations. Partnering with a provider that can offer advanced UC solutions that include their own, built-in security measures also goes a long way toward data protection.
To find out more, connect with the experts at Teo Technologies today.