When most enterprise companies worry about having their systems hacked by attackers, the main concern is for the enterprise networks. Few companies consider that their phone systems may be vulnerable to hacking resulting in costly toll fraud. Nevertheless, the practice of hacking into corporate PBX systems and injecting fraudulent calls over the network is causing billions of dollars in damage worldwide every year.
Enterprise companies use modern PBX (private branch exchange) systems to run their communications. A PBX switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines. Modern PBX systems work on the Session Initiation Protocol (SIP), which is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.
SIP runs over the internet rather than over traditional telecommunication lines. That creates a vulnerability, because anybody who has the access credentials can get into these communications. All an attacker needs to hack a PBX is a login ID and password; with those, it is possible to start a fraudulent voice communication via a telco operator.
This is a common occurrence. A fraudster logs into a device on the PBX and is then able to inject other people’s calls into the enterprise’s phone system. The fraudster resells this calling capacity to people or companies who want to place calls to high-cost destinations, often in Africa and other faraway places. The telecommunications service connects these unauthorized calls to their destinations because, to the phone company, they look like legitimate calls.
Who gets stuck with the bill for the calls? The enterprise, of course.
Once the billing period is over, the enterprise receives an invoice for the telecommunications services that were provided over that time period. Only then may the enterprise discover the fraudulent use of its phone lines. The thieves can easily rack up tens of thousands of dollars’ worth of calls without anyone knowing until it’s too late.
Telecom service providers are aware of this scam, but they are virtually powerless to stop it because the PBX equipment is on the customer’s premises and out of their control. It’s no longer part of the well-protected and proprietary telecommunication network. But mostly, the vulnerability comes from SIP, which is easily accessible to anyone. If a hacker can get the PBX login credentials – say, through phishing or some other method – a breach is inevitable.
Preventing PBX fraud with Oculeus Protect
Oculeus recently launched an anti-fraud service to protect enterprise telecommunication systems. The solution, Oculeus Protect, monitors the signaling of calls within the PBX and uses machine learning and behavioral analytics to assess the likelihood of calls being fraudulent. If the risk is deemed to be high, the system can drop the calls shortly after connection in order to minimize the fraudulent charges.
A call has two parts of interest. One is the signaling that accompanies a call attempt. The PBX essentially says, “I have a call going to this destination. What should I do with it?” The signaling also contains information about when the call has ended. The other piece of interest is the call media, which is the actual content of the call. Invoices are based on the amount of time of the call media. Oculeus looks specifically at the signaling to understand, in real time, whether the call is authorized or not.
The enterprise establishes a company profile to provide guidance to Oculeus. This profile identifies things such as the company’s typical business hours and work days, typical business regions, countries where calls would normally not be call destinations, and other relevant parameters. Then once the Oculeus service is activated, it learns a company’s typical calling behavior and looks for anomalous activity that is outside the profile and/or the normal behavior. Oculeus also uses input from its broad customer community to incorporate known fraudulent call destination numbers. Call destinations, as well as costs, can be evaluated for fraud.
Suppose that U.S.-based employees of a global corporation typically call locations in the U.S. and Europe, and then there is a call to Burundi in Africa. The call originates on a weekend, when employees aren’t normally working. Burundi is a known location for high-cost calls. Oculeus Protect can immediately identify that call as high risk and take action, such as dropping the call or sending an alert to an administrator.
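The profile check described above, applied to the Burundi scenario, as an added example that is not Oculeus' code: a rule-based scorer over constructed SIP INVITE request lines, with fixed weights standing in for the service's machine learning. The profile values, weights, thresholds and function names are assumptions, and dialled numbers are assumed to arrive in E.164 form.

```python
import re
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Profile:
    """Company calling profile. Every value here is constructed."""
    work_days: frozenset = frozenset({0, 1, 2, 3, 4})    # Mon-Fri, datetime.weekday()
    work_hours: range = range(8, 19)                     # 08:00-18:59 PBX local time
    usual_prefixes: tuple = ("+1", "+44", "+49", "+33")  # U.S. and parts of Europe
    high_cost_prefixes: tuple = ("+257",)                # Burundi, as in the article
    known_fraud_numbers: frozenset = frozenset({"+25700000000"})  # placeholder entry

# Dialled number from the Request-URI of an INVITE (E.164 form assumed).
REQUEST_LINE = re.compile(r"^INVITE\s+(?:sips?|tel):(\+\d+)", re.IGNORECASE)

def destination(invite):
    """Return the dialled number from the first line, or None if it is absent."""
    m = REQUEST_LINE.match(invite.lstrip())
    return m.group(1) if m else None

def assess(invite, seen_at, profile=Profile()):
    """Score one call attempt from its signaling; returns (action, score, reasons)."""
    dest = destination(invite)
    if dest is None:
        return "alert", 30, ["destination not parseable"]
    off_hours = (seen_at.weekday() not in profile.work_days
                 or seen_at.hour not in profile.work_hours)
    checks = [  # (condition, weight, reason); weights are illustrative
        (off_hours, 30, "outside business hours"),
        (not dest.startswith(profile.usual_prefixes), 30, "unusual destination region"),
        (dest.startswith(profile.high_cost_prefixes), 40, "high-cost destination"),
        (dest in profile.known_fraud_numbers, 100, "known fraudulent number"),
    ]
    reasons = [reason for hit, _, reason in checks if hit]
    score = sum(weight for hit, weight, _ in checks if hit)
    action = "drop" if score >= 70 else "alert" if score >= 30 else "allow"
    return action, score, reasons

# Constructed signaling samples: request line plus one header each.
BURUNDI = "INVITE sip:+25722000000@pbx.example.com SIP/2.0\r\nFrom: <sip:1001@pbx.example.com>\r\n"
NEW_YORK = "INVITE sip:+12125550100@pbx.example.com SIP/2.0\r\nFrom: <sip:1001@pbx.example.com>\r\n"

if __name__ == "__main__":
    print(assess(BURUNDI, datetime(2024, 6, 8, 23, 15)))   # a Saturday night
    print(assess(NEW_YORK, datetime(2024, 6, 11, 10, 0)))  # a Tuesday morning
```

Matching on "+1" admits every country in the North American Numbering Plan, not only the U.S., so a real profile needs finer-grained prefixes than this sketch uses.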
This solution is simple to deploy. A company would just point its PBX to Oculeus’ cloud-based protection system, which performs the behavioral analytics via the evaluation profiling system. Then a call controller determines what to do with the calls that are analyzed.
It includes a dashboard that allows an administrator to view call histories and patterns, which can help to fine-tune the company calling profile. Oculeus claims to have a very low rate of false positives, that is, of legitimate calls being dropped.
Oculeus works with telecom service providers, as well as enterprise companies that have their own PBX system on premises.
Thanks to Linda Musthaler (see source)