Christmas VoIP attacks 2014


Firstly, a very happy New Year and we trust you had a good break.

This time last year, we know many people hadn’t, and we’d spent the majority of the holiday period dealing with the consequences of our customers and their end-users falling victim to VoIP fraud. This was pretty annoying, as those compromised were entirely customers who hadn’t implemented any of the many, many protections we offered to prevent or at least contain an attack. This prompted our “How did you fare?” blog post in January 2013 and was the driver behind the publication of our VoIP Fraud Analysis white paper and a somewhat busy year following.

In early December we saw a fair few of our automated blacklist notifications go out to some customers. These are sent when an account tries to dial known problem numbers, which are blocked at network level. They are business as usual really, and the only feature all customers get regardless of configuration. Uniquely though, from our honeypot data we know about and monitor for what we’ve called ‘test numbers’. These are ordinary geographic numbers that fraudsters use to verify a compromise, sometimes long before exploiting it, and they are absent from commercial feeds because they precede the attack. Some of the alerts were for these numbers and were a warning sign of impending attack.

So, this Christmas, we again warned you of the opportunity the forthcoming quiet period posed and reminded you how our beta portal surfaced all of the anti-fraud features and made it a two-minute job to configure them. Thankfully you listened!

We’re delighted to say that, to our knowledge and based on our data here, this period was considerably less troublesome than 2013. Customers were of course attacked, but a critical mass of our customer base have configured some or all of the numerous features we offer. There were alerts and, thankfully, because they are automated, customers got them immediately, often by SMS if they’d configured it that way, and were able to react immediately without our intervention. In other cases customers were compromised and under low-level attack for prolonged periods, ignoring our alerts along the way. Thankfully, though, they had configured some of our mitigation features, e.g. a rate limit on the number of calls to “hotspot” countries per 12 hours, rendering the compromise essentially impotent. Others were fully using our trunks, with bespoke fraud settings per end-user giving total granular control. Some have even configured us for routing calls from legacy PBXs over the PSTN, giving real-time control/visibility rather than nervously waiting for January CPS bills!
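The two controls described above, alerting on ‘test numbers’ ahead of an attack and capping calls to “hotspot” countries per 12 hours, can be expressed as a small call-screening routine. This is an added example, not Simwood's code: the numbers, the `999` prefix, the limit of 3, blocking test-number calls, and all function names are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=12)        # the "per 12 hours" window from the post
HOTSPOT_PREFIXES = ("999",)         # constructed placeholder, not a real country code
TEST_NUMBERS = {"441632960001"}     # constructed (UK drama-reserved range)
HOTSPOT_LIMIT = 3                   # assumed per-account cap

def screen_calls(cdrs, limit=HOTSPOT_LIMIT):
    """Screen (timestamp, account, dialled) records in time order.

    Returns (decisions, alerts): every call gets an allow/block decision,
    and each block also raises an alert naming the reason.
    """
    recent = defaultdict(deque)     # account -> timestamps of allowed hotspot calls
    decisions, alerts = [], []
    for ts, account, dialled in sorted(cdrs):
        if dialled in TEST_NUMBERS:
            # Early warning: the account is probably compromised already.
            alerts.append((ts, account, "test-number"))
            decisions.append((ts, account, dialled, "block"))
            continue
        if dialled.startswith(HOTSPOT_PREFIXES):
            window = recent[account]
            while window and ts - window[0] >= WINDOW:
                window.popleft()    # expire calls older than 12 hours
            if len(window) >= limit:
                alerts.append((ts, account, "hotspot-limit"))
                decisions.append((ts, account, dialled, "block"))
                continue
            window.append(ts)
        decisions.append((ts, account, dialled, "allow"))
    return decisions, alerts

def t(day, hour, minute=0):
    return datetime(2014, 12, day, hour, minute)

SAMPLE_CDRS = [                     # constructed call records
    (t(20, 3), "acct-A", "441632960001"),      # probe days before the attack
    (t(24, 23, 0), "acct-A", "99955500001"),
    (t(24, 23, 10), "acct-A", "99955500002"),
    (t(24, 23, 20), "acct-A", "99955500003"),
    (t(24, 23, 30), "acct-A", "99955500004"),  # fourth call inside 12 hours
    (t(24, 23, 40), "acct-B", "441632960123"), # ordinary call, other account
    (t(25, 11, 5), "acct-A", "99955500005"),   # first call has aged out
]

if __name__ == "__main__":
    for row in screen_calls(SAMPLE_CDRS)[1]:
        print(row)
```

The test-number alert fires four days before the burst of hotspot calls, which is the lead time the post describes; the rate limit then contains the burst even if that alert is ignored.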

The fraud threat is larger than ever, so our work is by no means done, but it is gratifying that people are listening and noting the benefit. Our largest customers by value are now using our unique features to manage risk, and newer small customers enthusiastically embrace the features we offer. Numerous longstanding Communication Providers of all sizes are moving their wholesale business to us specifically because we do rather than talk – we’re authentic. This is all good, but there is a swathe of customers (who tend to be small to mid-sized but relatively long established) who still have not acted, including some of those who fell victim repeatedly last year. We put it down to luck that they weren’t had again this year, and sadly it is only a matter of time before they are again, despite our best efforts.

If you’re a customer who hasn’t taken advantage of the features we offer but need help, do give us a call. Two minutes setting some basic limits can make a huge difference! If, on the other hand, you’re not yet a Simwood customer, protect yourself today or give us a call!