When I checked with a security consultant about common UC threats, he replied that it's the least-priority topic for companies, so he never bothers about UC security.
I was surprised by his reply.
UC threats are also critical. In today's blog, I share some common UC threats…
- Eavesdropping: Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.
- Identity theft: Identity theft occurs when someone uses another person’s personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. This attack can impact both instant messaging clients and IP endpoints.
- Call spoofing: Placing a call while changing the caller ID to impersonate another user to gain access to information. This specific attack is related to identity theft.
- Robocalling: A robocall is a phone call that uses a computerized autodialer to deliver a pre-recorded message, as if from a robot. Robocalls are often associated with political and telemarketing phone campaigns, but can also be used for public-service or emergency announcements. This attack is often used for illegal scams.
- Voice phishing (vishing): Vishing, or voice phishing, is the use of fraudulent phone calls to trick people into giving money or revealing personal information, that is, making calls that are intended to obtain personal or financial information about an individual. This attack is often used for identity theft or fraud.
- Session replay: Recording a voice or video call with the intent to use it maliciously (for example, a blackmail attempt).
- Denial of service (DoS)/telephony denial of service (TDoS): Denying valid users the ability to use UC services (e.g., creating a telephony denial of service, or TDoS, so that users cannot place inbound or outbound calls).
- Media tampering: Hijacking a voice or video session to challenge the integrity of a session.
- Toll fraud: Utilizing voice or video systems without authorization, thus increasing the cost of the system (e.g., placing unauthorized long-distance calls, which results in high telephone bills).
- Malicious discovery of private information: Using caller ID, password/accounts, calling patterns, or presence information for identity theft, call spoofing, robocalling, and so on.