Fighting IP Telephony Fraud with Oracle Enterprise Session Border Controllers


Oracle recently introduced a number of new Enterprise Session Border Controller (E-SBC) features to help businesses fight VoIP fraud. This case study reviews common IP telephony scams and explains how the new Oracle E-SBC capabilities, along with other security measures, can help network administrators combat service theft and mitigate risks.

Telephony fraud poses a significant threat to both businesses and communications services providers. A 2015 Communications Fraud Control Association (CFCA) survey estimates global telecommunications fraud loss at $38.1 billion (USD) annually. A good chunk of that--about $3.5 billion--is attributed to corporate IP-PBX and unified communications system service theft.

IP-PBXs and UC systems are vulnerable to a wide range of increasingly sophisticated attacks. Cybercriminals can leverage open source scanning tools to identify VoIP endpoints and systems with weak passwords, apply common Internet hacking techniques to gain access to IP communications systems, or exploit known vulnerabilities in specific vendor platforms or other voice network components to commit fraud.

IP telephony scams can come in many forms, can originate from inside or outside the company, and can impact any business regardless of size or industry. In simple cases, hackers gain access to corporate voice networks to make free international calls. In more sophisticated attacks, cybercriminals concoct complicated schemes to reap real financial rewards. For example, scammers engage in hijacking schemes to generate illicit revenue as rogue service providers. They break into a corporate voice network and "resell" international minutes to other service providers or unsuspecting consumers. In a widely published Massachusetts case, cybercriminals hacked into a small-business phone system and made $900,000 in calls to Somalia. (The story made headlines when the service provider sued the business owner, who had refused payment.)

Still other cyberthieves engage in traffic pumping schemes. They lease a premium telephone number in a foreign country (similar to a 900 number in the United States), hack into a corporate voice network and generate calls to that number. In many cases the criminals receive remuneration from the intermediate service provider before the victim even realizes its phone system has been compromised. In other versions of the scam, criminals collude with legitimate premium number owners, steering calls to them for a kickback.

Combat Voice Over IP Fraud with New Oracle E-SBC Capabilities

Webtorials readers are very familiar with the unique security challenges inherent in IP communications networks and the role enterprise session border controllers play in protecting premise-based systems from denial of service, address scanning, man-in-the-middle, and other attacks. Deployed at the edge of the enterprise network, Oracle Enterprise Session Border Controllers (E-SBCs) are ideally positioned to protect against IP telephony fraud as well. To that end, Oracle recently introduced a number of new features to help businesses proactively combat VoIP fraud and mitigate financial risks.

Blacklisting and Whitelisting

The new Oracle E-SBC blacklist/whitelist capability lets you explicitly block outbound calls to specific phone numbers (or SIP URIs) or ranges of phone numbers. The combination of blacklisting and whitelisting enables a flexible strategy for thwarting both hijacking and traffic pumping schemes. Forbidden destinations are blacklisted. Exceptions are whitelisted. For example, the CFCA study lists Cuba, Somalia, Bosnia and Herzegovina, Estonia, and Latvia as the top destinations for fraudulent calls. You can blacklist all calls to those countries and whitelist exceptions, such as valid calls to a trusted software contractor based in Latvia. Blacklists/whitelists are configured via a graphical user interface or an XML file upload. Wildcards are supported, so a single entry can block all calls to a specific country or SIP URI domain name. You can use the XML capability to import fraudulent number lists from a telephone fraud watchdog service.

Call Rate Limiting

The new call rate limiting feature lets you restrict outbound call volumes to specific phone numbers (or SIP URIs) or ranges of phone numbers. It is useful for mitigating the effects of traffic pumping scams. Similar to blacklists/whitelists, call rate limits are defined via a GUI or XML file, with wildcard support for easy configuration. Call rate limiting enables a proactive fraud mitigation strategy. For example, you can allow unlimited calls/day to the United Kingdom but only one call/day to Estonia. The feature can also be used reactively. For example, you can throttle calls from certain sources or to certain destinations while analyzing and isolating a threat.

Call Redirection

The new call redirection feature lets you automatically transfer blocked calls to another destination, such as a media server, monitoring system, or recording system. For example, in hijacking schemes, you can redirect the calling party to a media server that plays an announcement indicating the call cannot be completed as dialed. Alternatively, you may route the call through monitoring and/or recording systems to enable further analysis.
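The three features above (whitelist exceptions to a wildcard blacklist, per-destination daily rate limits, and redirection of blocked calls) combine into a single decision per outbound call. The sketch below is an added illustration in Python, not Oracle's configuration format or API; the pattern syntax, the class and field names, the phone numbers, and the redirect URI are all assumptions made up for the example.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Hypothetical policy tables (constructed; not the E-SBC XML schema).
BLACKLIST = ["+371*", "+252*", "sip:*@premium.example"]  # Latvia, Somalia, a SIP domain
WHITELIST = ["+37160000001"]          # constructed number for a trusted Latvian contractor
DAILY_LIMITS = {"+372*": 1}           # at most one call per day to Estonia
REDIRECT_TARGET = "sip:announce@media.example"  # placeholder announcement server


def matches(dest, patterns):
    """True if dest matches any wildcard pattern ('*' matches any run of characters)."""
    return any(fnmatchcase(dest, p) for p in patterns)


class OutboundPolicy:
    def __init__(self, blacklist, whitelist, daily_limits, redirect_target):
        self.blacklist = blacklist
        self.whitelist = whitelist
        self.daily_limits = daily_limits
        self.redirect_target = redirect_target
        self._admitted = defaultdict(int)   # (day, pattern) -> calls already allowed

    def decide(self, dest, day):
        """Return ('allow', dest) or ('redirect', target) for one outbound call."""
        # A whitelist entry is an exception to the blacklist only.
        if matches(dest, self.blacklist) and not matches(dest, self.whitelist):
            return ("redirect", self.redirect_target)
        # Check every applicable limit before counting, so a refused call
        # never consumes quota under another pattern.
        hit = [p for p in self.daily_limits if fnmatchcase(dest, p)]
        if any(self._admitted[(day, p)] >= self.daily_limits[p] for p in hit):
            return ("redirect", self.redirect_target)
        for p in hit:
            self._admitted[(day, p)] += 1
        return ("allow", dest)


if __name__ == "__main__":
    policy = OutboundPolicy(BLACKLIST, WHITELIST, DAILY_LIMITS, REDIRECT_TARGET)
    for number in ["+37160000001", "+37161234567", "+3725550001", "+3725550002"]:
        print(number, policy.decide(number, "2016-03-07"))
```

Sending refused calls to a redirect target rather than dropping them mirrors the redirection feature: the caller hears an announcement, or the call lands on a monitoring system for analysis.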

Additional Tips for Protecting Your IP Communications Infrastructure

The latest Oracle E-SBC fraud protection capabilities help you proactively mitigate risks in the event a hacker gains access to your corporate voice network. These should be used in conjunction with other security measures to build a multi-layered approach to security. (Prevent hackers from gaining access to the network as a first line of defense. Keep hackers who do get in from doing harm as a second line of defense.)

For ultimate protection:

  • Deploy Oracle E-SBCs at Internet and SIP trunking service borders to protect premise-based IP networks against the widest range of external threats.
  • Use strong passwords in SIP endpoints and UC clients to safeguard against unauthorized access from inside or outside the company.
  • Place IP-PBX traffic on a distinct VLAN to protect against eavesdropping and internal perpetrators.
  • Keep abreast of the latest security warnings and software patches for all your IP communications systems--PBXs, UC platforms, voicemail systems, etc.
  • Regularly review call detail records for patterns of service theft.
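As an added example of the last tip (not from the original article or from Oracle), the Python sketch below reviews call detail records for two patterns the article describes: repeated calls from one extension to the same number in a short window, as in traffic pumping, and international calling outside business hours, as in hijacking. The CSV layout, the sample records, the home prefix, the business hours, and the thresholds are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs: start time, calling extension, dialed number, seconds.
SAMPLE_CDRS = """start,src,dst,seconds
2016-03-05 02:01:10,2104,+25261555010,610
2016-03-05 02:03:40,2104,+25261555010,598
2016-03-05 02:06:05,2104,+25261555010,604
2016-03-05 02:09:30,2104,+25261555010,601
2016-03-07 10:15:00,2230,+442079460123,240
2016-03-07 14:40:00,2231,+37160000001,900
"""

HOME_PREFIX = "+1"               # assumption: the site dials from the NANP
BUSINESS_HOURS = range(7, 19)    # assumption: 07:00-18:59 local time


def load(text):
    """Parse CSV text into (start, src, dst, seconds) tuples."""
    return [(datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S"),
             r["src"], r["dst"], int(r["seconds"]))
            for r in csv.DictReader(io.StringIO(text))]


def repeated_destination(cdrs, window=timedelta(hours=1), threshold=3):
    """Map (src, dst) -> peak call count for pairs reaching threshold in any window."""
    by_pair = defaultdict(list)
    for start, src, dst, _ in cdrs:
        by_pair[(src, dst)].append(start)
    flagged = {}
    for pair, times in by_pair.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:   # slide the window's left edge forward
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[pair] = max(flagged.get(pair, 0), hi - lo + 1)
    return flagged


def off_hours_international(cdrs):
    """Total seconds of non-home-prefix calls placed outside business hours, per extension."""
    totals = defaultdict(int)
    for start, src, dst, secs in cdrs:
        if not dst.startswith(HOME_PREFIX) and start.hour not in BUSINESS_HOURS:
            totals[src] += secs
    return dict(totals)
```

Extensions that appear in both results are the first candidates for a credential reset and a temporary rate limit while the records are examined further.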

By deploying Oracle E-SBCs with telephony fraud protection capabilities in conjunction with other security systems and practices, you can take full advantage of today's IP-based communications platforms while minimizing the risk of fraud, eavesdropping, denial of service, and other threats.

Next Steps

Visit the Oracle Enterprise Session Border Controller web page to learn how Oracle E-SBCs can help you combat IP telephony fraud and other security threats. Already an Oracle E-SBC customer? Update your E-SBC software today to enhance the security of your IP network.

