Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

The top 5 voice network vulnerabilities

By Roger Northrop
voice-freepik1170x658v5.jpg

Image by pch.vector via Freepik

August 3, 2022

Nefarious vishing attacks were up by over 500% in 2021, according to a recent report. Yet, most enterprise security professionals still overlook their unprotected voice channels and focus instead on securing data networks for web and email.


Both inbound and outbound voice traffic pose serious risks to organizations from social engineering scams based on robocalls, vishing, smishing, or spear-phishing attacks. Such unwanted calls can lead to dangerous data breaches, or they can at least reduce employee productivity through the distraction of unwanted calls.


The bad guys have adopted a range of malicious techniques to steal private information, data, and IP, which can then be sold over the dark web. Their attack strategies continue to evolve over time, but we have identified five main types of voice scams that create vulnerabilities for unprotected businesses.


The top categories include:

  1. TDoS Attacks: Denial-of-service attacks attempt to make a telephone system unavailable to the intended user by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service, including to emergency responders and call centers.
  2. Ransomware Attacks: The increase of ransomware on mobile devices is particularly disturbing for organizations that allow employees to use their personal mobile devices in the workplace and remotely. Security researchers have found examples of ransomware being transferred from a mobile device to a networked system via corporate Wi-Fi. Too often, these attacks succeed when untrained employees innocently click on a malicious text message link.
  3. Data Theft/Breach: The security industry got an unpleasant wakeup call last November from the infamous Robinhood data breach, which stemmed from a vishing attack. Once criminals can build enough trust to convince employees to share information over the phone, they can gain access to other critical systems for customer, employee and stakeholder data.
  4. IP Theft: Intellectual property thefts can quickly escalate from simple human errors to become serious problems. When attackers trick employees into unlocking company ideas, projects, inventions, or other assets, the attackers can gain access to valuable trade secrets, patents and proprietary software.
  5. Identity Theft: Clever criminals can also use social engineering methods through vishing, smishing and automated robocalls to steal credentials or logins for senior leadership. These kinds of spear-phishing attacks provide an easy way to impersonate a company executive and gain access to secure files or data.


All these threats to voice networks are further aggravated by the growing number of collaboration platforms used for both internal and external business communications. For instance, a company may use Cisco WebEx or Microsoft Teams internally for video conferencing and have it completely locked down. But when employees need to make or receive external calls from different applications that are not company-sanctioned, the threat surface widens.


More types of work functions are being done on these collaboration platforms today, including calls, information-sharing and virtual meetings. Businesses may think they are simplifying things by improving workforce collaboration, but as these platforms remain open, they are in fact adding new layers of complexity and risk to the business.


Regular phone calls can either be ignored or blocked with a spam filter, but now when a VOIP call comes into all devices at once — phone, tablet, and computer — it cannot be stopped. In one recent example, a global pharma organization with 48,000 employees and $6.2 billion in revenue was testing out Microsoft Teams systems for its employees, when they found that 14% of their inbound calls were unwanted. That resulted in a $407,000 annual productivity loss and 240 threat attempts daily, based on extrapolations from industry data. Receiving so many unwanted calls made Teams untenable for their use, leading to both security risks and lost productivity. 


As soon as new vulnerabilities get discovered and patched, newer threats get unleashed. We already know all this. That’s why more attention must be paid to safeguard voice networks. Companies should include vishing in their security penetration tests, automated security controls and security awareness training to find and plug these vulnerabilities before damaging loss events can happen.

KEYWORDS: cyber security enterprise security risk management Vishing

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Roger northrop   mutare

Roger Northrop is Chief Technology Officer at Mutare, Roger Northrop is responsible for driving innovation through R&D activities in Mutare Labs, monitoring industry trends, and leveraging technologies to protect the security of the customer IT environment. Northrop serves as a technology ambassador and expert resource for customers and partners.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Top 5 VoIP Vulnerabilities in 2007

    See More
  • cyber-security (1) freepik

    Top 5 cybersecurity challenges in the hybrid office

    See More
  • Security for Next-Generation Voice and Video: Know Your Network

    See More

Related Products

See More Products
  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

  • Career Network (60 days)

  • Career Network (30 days)

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing