News Stay informed about the latest enterprise technology news and product updates.

New attack methods target Web 2.0, VoIP

Researchers have found new evidence that attackers are targeting Web 2.0 applications and VoIP with increased vigor. Companies are ill-prepared to meet the threat, they say.

Researchers from two different security firms are seeing fresh evidence that attackers are targeting Web 2.0-based business applications and VoIP with increased vigor, and warn that companies are ill-prepared to meet the threat.

Attackers may have found a blind spot in today's popular defenses, as most security products are not looking for Web 2.0 XSS attacks over SIP.
Paul Henry,
vice president of technology evangelismSecure Computing

Secure Computing Corp. announced Tuesday that it has uncovered a potential new method to gain control of a user's PC by launching an XSS attack via the VoIP protocol known as SIP. This is the first time Secure Computing seen a Web 2.0 attack using the VoIP protocol, said Paul Henry, vice president of technology evangelism for the San Jose, Calif.-based vendor.

Separately, researchers at Websense Security Labs issued an alert about a spike in new spam techniques over Skype, the widely-used VoIP service. Spam is being sent over Skype warning users that their system has been infected with malware. The spam is designed to dupe the user into buying software that claims to clean the spyware from their systems. Instead of removing spyware, however, the spammer is able to steal sensitive data that could be used for identity fraud.

In an interview Tuesday, Henry said that the vendor's researchers discovered proof-of-concept code attackers could use to run malware on any PC via the user's VoIP connection.

"The issue is simple," he said. "Attackers may have found a blind spot in today's popular defenses, as most security products are not looking for Web 2.0 XSS attacks over SIP. Secure Computing recommends using a solution that scans for malicious scripts and malware across every protocol that is permitted to enter the enterprise network."

While users have gotten used to not opening email attachments or being careful when visiting Web sites they're not familiar with, the new VoIP SIP protocol vulnerability is another reminder that "we're living in the Web 2.0 world now and not everything is as safe as we assume," Henry said.

San Diego-based Websense, meanwhile, has labeled the appearance of Skype spam as "SKAM,".

Attack techninques:
New attack technique threatens broadband users: Millions of broadband users across the globe are threatened by a new attack technique called drive-by pharming, Symantec and Indiana University researchers warned Thursday.

Researchers highlight new database attack method: Expert penetration testers demonstrate how cyberthieves can reach into corporate databases without exploiting a specific software flaw.

Cisco routers threatened by drive-by pharming: Millions of Cisco routers in circulation could be compromised by a newly-discovered attack technique Symantec calls drive-by pharming, the networking giant warned in an advisory.

"Traditionally, email [has been] the only conduit for SPAM," a company spokesman said in an email. "However, increasingly the Web and other communication platforms are also being utilized as attack vectors."

The Skype spam Websense has been seeing warns users that their system is infected with malware and tries to trick them into buying software to remove spyware from their systems. "This serves as example of spam propagating on Skype, with malware authors utilizing social engineering to pass their malware off as legitimate software, and attempting to collect money directly at the same time," Websense said in its online analysis.

Henry said he is particularly concerned about what he's seeing because companies have deployed Web 2.0 applications and implemented VoIP systems at a fast and furious pace in the last couple years with little attention paid to the potential security ramifications.

"I don't think companies are using VoIP any more securely than they were two years ago," he said.

That assessment mirrors the concerns raised last summer by Himanshu Dwivedi and Zane Lackey of San Francisco-based digital security firm iSEC Partners Inc. The duo gave a presentation on the various ways attackers can exploit the SIP, IAX and H.323 VoIP protocols during Black Hat USA 2007 in Las Vegas. While Henry warns about SIP being targeted, the iSEC researchers warned that H.323 is particularly vulnerable to attack but that most users assume H.323 is secure because little evidence to the contrary has been presented.

They urged the audience to build a layered defense, noting, as Henry did Tuesday, that the state of VoIP security is as bad now as it was a couple years ago.

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Service provider security: IP convergence requires constant vigilance The convergence of telecom networks on IP may have brought about an unprecedented ability to roll out new and flexible services, but it has also brought an increasing number of security risks that require service providers to take proactive steps on many fronts. Now that converged networks carry voice, data, web access and email, something like a denial of service attack can disrupt every service, not just one. Why? Because the protocols used in IP networks are all based on publicly available standards, and detailed information on their operation is available to anyone. Since IP networks are much more vulnerable to attack than circuit-switched networks, this Telecom Insights guide looks at specific security precautions that telecom service providers need to address, including how to protect e-mail and VoIP services. The trick is making each protective technique appropriate for the service it is protecting.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

A bigger discussion might be whether we have become complacent in our security. As new tech is revealed, it seems that the bad guys have the jump on the general IT populace in terms of cracking it, gaining access and establishing back doors to all sorts of apps and systems. It SHOULD be the other way around. I don't have a solution, but I wonder when the tide changed so that the attackers were dictating the moves instead of the coders/creators.