Telephony fraud

Cyber criminals are targeting the VOIP infrastructure of enterprises.

---

Data security solutions have matured considerably over the last 20 years, and this has forced today’s cyber criminals to shift their focus to easier ways of getting access to information in order to enrich themselves. They are now targeting the voice communications (VOIP) infrastructure of enterprises like never before and succeeding well beyond most executives’ perceptions.

As workforces become increasingly remote, cyber criminals have besieged enterprise workers and enterprises with increasingly sophisticated voice-based (SIP) attacks like robocalling, shellshock, caller-ID spoofing, telephony denial of service (DOS) attacks, impersonation and social engineering as well as artificial traffic.

In the state of ransomware report by Sophos, 78% of South African companies surveyed reported being subjected to ransomware attacks in the past year, a 51% increase from the last reporting period.

A recent report by Metrigy identified voice as the most widely used channel, with 73.1% of all interactions either using voice initially or as an escalation from another channel. As voice is a critical channel for businesses, communications analytics tools need to be deployed to enable more proactive security measures as well as to relieve contact centre agents from the burden of caller authentication.

A recent study by CrowdStrike Intelligence identified an increase in social engineering using human interaction, such as vishing (voice phishing), to successfully download malware or circumvent multifactor authentication. Direct interaction with victims is a valuable asset for cyber crime operations.

Contact centres are frequent targets for this style of attack, and the challenge of screening often falls on individual agents. The FTC reports that 20% of the fraud reports it received in 2022 had a phone call as the contact method, with another 22% from contact via text messages.

According to statistics from the Southern African Fraud Prevention Service (SAFPS), there was a 600% increase in incidents of fraud reported by their members at the end of 2022 when compared to 2018.

To make matters worse, on top of the meteoric rise in fraud cases, in an INTERPOL report last month, South Africa received the unwanted title of the cyber crime hub of Africa, with the country recording over 230 million incidents.

Communications-based threats that result in theft of service, harassment calls and account takeover disruptions can seriously harm your brand, negatively impact operational efficiencies and cause significant financial loss.

By reviewing metadata from incoming and outbound calls, including information of where the call originated, the time and the destination, analytics solutions such as Oracle Communications' cloud-based Security Shield product can identify if a pattern is reminiscent of a known fraud scheme or unusual compared to the device or user’s normal activities. These real-time predictive analytics enable enterprises to be proactive in their security measures, acting before an attack happens, rather than reacting after the event.

The business analytics information accessible in solutions such as Security Shield provides actionable insights and an intuitive view into network traffic and threats. Users benefit from being able to detect anomalies, investigate and determine remedies with new clarity.

Prior to cloud computing, employing this level of analytics was cost prohibitive for most companies. The analytics derived from big data were not worth the cost of the added hardware and software required to collect and process the data. With the high performance of the cloud, ample storage and the SaaS business model, any company regardless of size may now tap into the power of analytics.

Security Shield evaluates calls crossing an enterprise’s network edge, detects malicious call signatures and behaviours and produces a risk assessment for each call, all in real-time and all pre-answer. Security Shield provides observability of your telephony traffic, type of calls, risks and actionable insights enabling smarter investigations.

Security Shield leverages machine learning-based behavioural analytics to look behind the incoming phone number and tracks actual call behaviour indicative of spam activity, malicious activity and intent. It generates a risk assessment score that provides an easy-to-understand classification. Using the results from the behavioural analytics, Security Shield provides information on intent of a call (for example: probable scam or fraud call, a likely robocall or probable telemarketing call, etc).

Guided by the risk assessment, call filters can be enabled that determine how you want to treat calls. User controlled call filters allow aligning the call’s handling with an enterprise’s own tolerance for risk.

With unwanted and unwelcome calls filtered out, or at least flagged, you can avoid costs by reducing time wasted on answering these calls. Moreover, with the identification of higher risk calls, you can save on verifying or authenticating users by only sending higher risk callers to an advanced verification process and low risk callers to an expedited process. Security Shield’s capabilities protect enterprises from telecoms-based threats, such as theft of service, harassment calls and account takeovers.

Security Shield provides real-time visibility of your communications traffic through an intuitive, comprehensive dashboard. The business analytics information provides actionable insights as attacks or anomalies occur, enabling quick investigations and remedies while attacks are still in progress. The dashboard provides information on traffic metrics and patterns, on threat occurrences and their sources, and on the reputation score distribution for calls, as well as documenting all of the actions taken for identified threats.

Security Shield’s policy-based enforcement capability enables enterprises to configure how to mitigate calls with unacceptable risk scores, specific type of calls (so-called no value calls like robocalls) as well as generic access control lists for allowing or blocking calls to enter or leave your network. This ensures that the handling of each call aligns with the enterprise’s own risk tolerance guidelines. Options for mitigating attacks include:

• Blocking calls during call set-up.
• Redirecting calls to an investigator or a call recording server.
• Terminating live calls.
• Rate limiting calls to a specific calls per second limit.

The enforcement actions are executed by an Oracle Session Border Controller (SBC) or Oracle Session Router in the case of third-party SBCs already deployed.