SOC Catch of the Day

We review billions of logs daily to keep you safe from advanced threats.


Vulnerable VoIP

The Network: A law firm with many offices worldwide that supplements its team with Netsurion Co-Managed SIEM services. Business VoIP has also been implemented for its many benefits.

The Expectation: The business gains the benefits of VoIP, including flexibility and cost savings, without compromising network security.

The Catch: Netsurion’s SOC analysts observed a flurry of INVITE and REGISTER messages allowed by the firewall. The originating IP address has a bad reputation according to AbuseIP.

The Find: SIP is known to be vulnerable; possible workarounds include filtering or blocking all SIP traffic with source and destination UDP port 5060 and TCP ports 5060 and 5061. This, however, was not possible because the target was an A/V server that must accept connections from external IP addresses.
An IPS is also available but is configured in passive mode, so it does not block such traffic despite recognizing it as problematic.

The Fix: To start, block the attacker IP address. Upgrade to an active IPS so that such traffic can be blocked on detection. Apply all available updates to the target machine to minimize the attack surface.

The Lesson: Business VoIP provides benefits, but network traffic must be monitored for cyberattacks. Port 5060 is a common target; the attack pattern is scanning, enumeration, and brute-force password guessing, followed by abuse. Attacker motives include anonymity, abuse of the premium rate telephony model, reselling VoIP, and exploiting PII (personally identifiable information).
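
A flurry like the one in The Catch can be flagged with a per-source sliding-window count of allowed INVITE and REGISTER messages on the SIP ports. This is an added example, not Netsurion's detection logic; the key=value log format, the threshold of 10 messages in 60 seconds, and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SIP_PORTS = {5060, 5061}            # ports named in the write-up
WATCHED = {"INVITE", "REGISTER"}    # methods the analysts saw in the flurry
# Hypothetical firewall log layout (an assumption, not a real product format).
LINE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) "
    r"method=(?P<method>\S+) action=(?P<action>\S+)"
)

def find_sip_bursts(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {src_ip: peak count} for sources that reach `threshold`
    allowed INVITE/REGISTER messages inside any sliding `window`.
    Lines are expected in time order."""
    recent = defaultdict(deque)     # src -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                # skip lines in another format
        if (int(m["dport"]) not in SIP_PORTS or m["method"] not in WATCHED
                or m["action"] != "allow"):
            continue                # only traffic the firewall let through
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks

def sample_lines():
    """Constructed sample data: one noisy source and one normal phone."""
    fmt = ("2023-01-10T10:{:02d}:{:02d}Z src={} dst=198.51.100.10 "
           "dport=5060 method={} action=allow")
    noisy = [fmt.format(0, s, "203.0.113.7", "REGISTER" if s % 3 else "INVITE")
             for s in range(0, 40, 2)]                  # 20 messages in 40 s
    normal = [fmt.format(m, 0, "192.0.2.25", "REGISTER")
              for m in range(0, 50, 10)]                # one every 10 minutes
    return sorted(noisy + normal)

if __name__ == "__main__":
    for src, peak in find_sip_bursts(sample_lines()).items():
        print(f"{src}: {peak} INVITE/REGISTER messages within 60 s")
```

Sources flagged this way can then be checked against a reputation service and blocked, as in The Fix.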
Copyright © 2023 Netsurion. All rights reserved.