I had a chance to talk a while ago with Sachin Joglekar, Sipera's head of VIPER Research about what they saw as the top five issues in 2007. We also chatted about the trends ahead. If you aren't watching the updates coming out of Sipera, I encourage you to take a look at http://www.sipera.com/viper.

SIPERA VIPER LAB REVEALS TOP 5 VOIP THREAT PREDICTIONS FOR 2008

Denial of Service, Eavesdropping, Microsoft OCS Vulnerabilities, Spoofing IDs, and Vishing Exploits Will Affect Enterprises and Service Providers

Richardson, TX, January 16, 2008 – Sipera VIPER™ Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today revealed its Top 5 VoIP Threat Predictions for 2008. As with its “Top 5 VoIP Vulnerabilities in 2007” list, the Sipera VIPER team leveraged its own extensive research and examined reports to determine the VoIP/UC threats with the greatest potential impact in 2008.

Based on industry trends that include major IP telephony vendors offering SIP solutions, enterprises deploying VoIP and unified communications (UC) beyond the traditionally secure perimeter, and service providers aggressively embracing fixed mobile convergence (FMC), Sipera VIPER Lab’s Top 5 VoIP Threat Predictions for 2008 are:

1. First and foremost, as enterprises deploy SIP Trunks and UC for the mobile workspace, denial of service (DoS) and distributed DoS attacks on VoIP networks will become an increasingly important issue.
2. HTTP or other third party data services running on VoIP end-points will be exploited for eavesdropping and other attacks.
3. The hacking community, experienced with exploiting the vulnerabilities in other Microsoft offerings, will turn its attention and tools towards Microsoft OCS – taking advantage of its UC connections to public IMs, email addresses and buddy lists to create botnets and launch attacks. As well, enterprise federation for OCS, a major productivity and business process enabler, will be a source of greater VoIP security risk since it exposes once closed networks to the risks found in other federations.
4. Hackers will set up more IP PBXs for vishing/phishing exploits. Vishing bank accounts will accelerate, due to ease of exploit and the appeal of “easy money.”
5. VoIP attacks against service providers will escalate, using readily available, anonymous $20 SIM cards. With UMA becoming more widely deployed, service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.

“The openness and extensibility of SIP make it an attractive choice for enterprises and service providers to realize the promise of unified communications. Unfortunately, those very attributes make it attractive to the hacking community and increase the overall security risk,” said Krishna Kurapati, Sipera founder/CTO and head of Sipera VIPER Lab. “To fully realize the potential of unified communications, organizations need to implement up-to-date security best practices, and proactive UC security and system monitoring. Complementing those efforts, Sipera VIPER Lab will continue to issue threat advisories and provide consulting services to customers, partners and the general public to ensure unmatched unified communications security.”

Sipera VIPER Lab is comprised of experienced VoIP/UC security researchers operating globally 24/7/365. Since its inception in 2003, Sipera VIPER Lab has identified thousands of vulnerabilities and security threats which include fuzzing, floods and distributed floods, spoofing, stealth attacks and spam. VIPER Lab research is used to continuously improve the Sipera IPCS products that protect, control and enable real-time unified communications for enterprises and service providers. For Sipera VIPER Lab blog, Threat Advisories and RSS feeds, please visit http://www.sipera.com/viper.

About Sipera Systems
Sipera Systems provides enterprises and service providers with comprehensive VoIP/UC security solutions that protect, control and enable real-time unified communications. The Sipera IPCS™ products combine VPN, Firewall/SBC, Intrusion Prevention, Anti-Spam, Compliance and Troubleshooting functionality for VoIP systems in a single device. This securely enables IP PBXs, VoIP remote users, SIP trunks, data/voice VLANs, hosted VoIP services and IMS or UMA-based networks. Comprised of top vulnerability research experts, the Sipera VIPER™ Lab concentrates its efforts towards identifying VoIP vulnerabilities, while Sipera LAVA™ tools verify networks’ readiness to resist attacks. Founded in 2003, and backed by Austin Ventures, DTEC, Sequoia Capital and Star Ventures, Sipera is headquartered in Richardson, TX. Visit http://www.sipera.com.