nobeastsofierce - Fotolia
A new cloud service from the voice management vendor Oculeus aims to help businesses avoid exorbitant charges from toll fraud -- also known as PBX hacking -- by monitoring for anomalies in voice traffic.
Toll fraud cost businesses more than $3.8 billion last year, Oculeus said, citing a report by the Communications Fraud Control Association. The practice involves gaining access to a PBX system and generating repeated calls to expensive, long-distance numbers.
Oculeus-Protect builds a profile of a company's calling habits based on the location of its offices, partners and customers. The system then flags phone calls that seem suspicious and can end those calls within milliseconds, according to Oculeus, which is based in Frankfurt, Germany.
Oculeus developed the toll fraud prevention service after suffering a toll fraud attack itself. A hacking operation that lasted two days over one weekend last December left the company with a $13,000 bill.
In most cases, toll fraud isn't addressed until after the damage is done, said Michael Brandenburg, analyst at Frost & Sullivan. A service like Oculeus-Protect could help companies be more proactive if it's easy to configure for businesses with smaller IT staffs.
"The allure of managed security services is not necessarily going to be in the large enterprises that have dedicated security staff," Brandenburg said. "It's going to be those [midsize] to small [businesses] that have no idea where to start."
Oculeus-Protect relies on Session Initiation Protocol, which is used to manage IP-based voice communications. SIP separates a phone call's media layer -- the human conversation -- from its signaling layer, which determines how to route the call. Oculeus-Protect only gets access to the latter, the company said.
The toll fraud prevention service is available for a monthly subscription fee based on the number of PBXs that a company wants monitoring.
The switch to IP-based telephony has made unified communications (UC) systems more vulnerable to attacks in recent years. Now, if hackers get into a company's network through a poorly configured Wi-Fi system or an IoT device, they typically also will be able to access the phone system.
But UC security still isn't top of mind for many IT professionals, Brandenburg said. Denial-of-service attacks -- either against a company's phone lines or its network -- are another common problem for which enterprises should be prepared, he said.
"For me, it's a concern for the entire industry," Brandenburg said. "It's Cisco and Avaya making sure their customers are patching the latest vulnerabilities. It's BroadSoft making sure their service provider customers are doing similar due diligence."