The continuing migration to IP-based telephony systems has brought several security vulnerabilities to enterprises.
Cybercriminals know how to leverage the vulnerabilities inherent in the IP systems and execute financially damaging telecoms fraud attacks on enterprises. Telecom fraud today mostly involves IP-PBX systems used by enterprises, and so they are clearly a cybersecurity issue, says Arnd Baranowski, CEO, Oculeus, a provider of OSS/BSS and anti-fraud systems for telephony service providers.
The ongoing Covid pandemic has further worsened the PBX-based telecom fraud scenarios, says Baranowski. With many employees opting to work from home and other remote locations, the attack surface has expanded significantly, making enterprises at greater risks of financial loss and damage to reputation.
PBX hacking is more serious than other telecom frauds
IP-PBX hacking involves cybercriminals hijacking the enterprise PBX system and injecting high value calls to expensive destinations. An enterprise often discovers the fraud only after thousands of dollars of calls have been made on its telephone systems, and thus ends up paying hefty bills to the telco service provider. Fraudsters tend to deliberately target PBX hacking attacks during weekends or holidays when vigilance is lower.
Baranowski argues that PBX/IP PBX hacking is the main telecoms fraud type that enterprises should know about and protect against. “Unlike other types of telecoms fraud, such as robocall and Wangiri, which mainly creates irritations for recipient, PBX hacking causes financial losses for the enterprise,” he added.
The Communications Fraud Control Association has classified PBX/IP PBX hacking as one of the top fraud types resulting in US$3.6bin financial damage to businesses each year. Due to the ongoing pandemic and the vulnerabilities it brings to the enterprise telephony systems, this figure is expected to rise further in the coming years, according to Oculeus.
The evolving SMS frauds in Covid era
Another emerging telecoms fraud threat that has grown significantly in recent times is SMS fraud. During the Covid pandemic, there have been many high profile SMS-based smishing attacks and flubot fraud attacks.
Today, large enterprises and service providers are relying on SMS as a secure channel for two factor authentication and sending other security-critical messages. Enterprises are using the SMS channel because it is deeply trusted by customers. However, the growing types of SMS frauds threaten to undermine this trust and may eventually force enterprises to find alternative communications channels for contacting customers with critical information.
Protecting against telecom frauds through real-time monitoring
Modern enterprises have realized the need to secure their telecom infrastructure with advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML), so many have scaled up their security investments recently.
AI and MLare increasingly used in better understanding the communications traffic and patterns in order to intelligently adapt to new threats and provide anti-fraud counter measures, such as call blocking, with much faster response times, in near real time.
Oculeus leverages AI and ML to provide enterprises with real-time insight into their communications traffic and automated framework to prevent false charges on their telephony network. Oculeus-Protect is the Cloud-based fraud protection solution that protects the enterprise PBX systems and voice telephony networks from the risks of hacking and toll fraud, the company states.
“To address the ongoing IP threats and the new post-Covid threats, a cybersecurity approach is required. At the same time, automation should be maximized in order to minimize response times,” says Baranowski.
