Page 56 - Cyber Defense eMagazine September 2022
P. 56
replacing the need for traditional enterprise telephone systems, including private branch exchange across
the globe.
Cloud telephony services further frees organizations from the burden of purchasing and storing stand-
alone hardware such as handsets and private branch exchange boxes. It also sets the stage for equipping
complementary unified communications as a service (UCaaS) features such as artificial intelligence (AI)-
enabled customer support, keyword and voice analysis, interactive voice response (IVR), and call center
capabilities.
Organizations nowadays are utilizing cloud telephony services to better connect their teams and make
their employees more satisfied, engaged, and focused in their roles. The term ‘cloud telephony’ signifies
a multi-tenant access model, with subscribers paying to utilize a provider’s pool of shared and
commoditized resources.
As per Fact.MR, a leading market research firm, the global cloud telephony services industry is projected
to reach a valuation of US$ 51.5 Billion by the end of 2032 and exhibit growth at a CAGR of 9.5% from
2022 to 2032. Surging need to reduce phone bills and the overall teleconferencing cost in an organization
is expected to bode well for the industry.
All cloud telephony platforms utilize voice over internet protocol (VoIP) technology. However, cloud
telephony poses a security risk to an organization’s confidential data owing to the possibility of VoIP
hacking. It mainly occurs because of the requirement of an internet connection for using the cloud calling
feature.
Which Are Some of the Common Techniques of VoIP Hacking?
VoIP systems can face unique security risks due to their different setup and high dependence on the
internet, as compared to the conventional telephone system. Below are some of the common types of
VoIP hacking that a user should be aware of:
• Social Engineering: It leverages human interaction instead of VoIP system technicalities. Poor
execution of social engineering campaigns is one of the major factors that promotes this type of
hacking. Various organizations, especially in emerging economies often fail to provide their
employees with education regarding the risk of fraudulent phone calls made by hackers by
disguising their caller IDs. Hackers often use tricky means to generate confidential information
about a specific target and can utilize it later for malicious acts.
• Toll Fraud: As international calls are expensive to make, potential attackers place those calls
and the bills are charged to the company’s account. In toll fraud, attackers mainly target system
users and admins with phishing scams to gain unauthorized access to an organization’s VoIP
system. They usually leave a voicemail to a department in an organization questioning them about
information like bank details. If the employee passes the verification codes, attackers can easily
get access.
• Unauthorized Use: It involves using an organization’s phone network to call other companies or
individuals pretending to be someone else. Attackers mainly use robocalling and auto-dialing
Cyber Defense eMagazine – September 2022 Edition 56
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.