RedShift Networks Stops SIP Botnet Attacks

Enterprises, along with their legacy and large carriers, make up the foundation of the US voice infrastructure. Network migration from traditional TDM and SS7 networks to more IP-centric SIP- and RTP-based networks increases exposure to malicious bot attacks. Estimates state that bots account for 50% of internet traffic and more than $2 trillion of global losses, and are delivered through sophisticated command and control channels.

RedShift Networks stops these SIP attacks, which most existing static IP-based filtering defense systems cannot keep up with because the bots constantly disguise their IP addresses, SIP URIs, and headers. These dynamic characteristics make SIP botnets difficult to detect and block in real time. With inexpensive cloud access, hackers with small budgets can create and leverage a sophisticated global bot network to DDoS an enterprise VoIP network. Additional disruptive bot attacks include spam, phishing attacks, and theft of confidential information such as personal information, usernames, and passwords.

Most bot attacks are both financial and fraud related. The attacks create and send SIP messages that attempt to register into the network using legitimate credentials. The aim is to fool the network into allowing them to make costly robocalls or steal user credentials globally. These attacks aggressively send robocalls, Telephony DoS, malformed SIP packets, and a myriad of other SIP-based attack vectors against traditional US-based carriers and enterprises using sophisticated bot networks.

RedShift Networks offers a cloud-based SIP Botnet Threat Intelligence Service composed of customer Unified Communications Threat Management (UCTM) installations and honeypots (security mechanisms set up to detect attacks) installed in locations around the globe to detect SIP botnets. Botnet bait includes compromised system servers, mostly at ISPs that offer hosting services, that generate special attack scripts installed by fraudsters and hackers from around the world.

A SIP bot attack is specifically targeted towards voice, video, collaboration, Unified Communications, IMS, VoLTE and telephony systems.

Bots also deliver robocalls, a highly visible attack seen globally across customer sites and baited honeypots. Spam callers go beyond nuisance, since telemarketing calls inundate users trying to accomplish a day’s work. Nearly 40% of all calls in the US are now robocalls, causing $9.5B of loss in productivity and other metrics. Register Violation attacks also leverage SIP-based applications. Here the hacker attempts to take control of the IP phone and falsely “register” in the customer’s network as a legitimate user. Once the hacker gains legitimate user status, they launch a costly myriad of attacks and fraudulent calls impersonating someone else. Fraud is a major problem in the US. Last year, CFCA research showed that over $29B was lost to telecom fraud, an enormous amount of loss.

The third most frequent type of attack is ‘Request Rate Monitor’. This Distributed Denial of Service (DDoS) attack includes Telephony Denial of Service (TDoS). TDoS operates by sending an overwhelming quantity of SIP packets to a customer’s target IP address, as evidenced by this visual showing TDoS attacks targeting our customer base and honeypots.