Why Enterprises Still Have to Worry about Eavesdropping

When one thinks about eavesdropping, a mental image of a shadowy stranger hiding behind a corner and listening in on others’ conversations may come to mind. With the rise of VoIP calling, however, enterprises became aware of digital eavesdropping that impacted their corporate business calls.

Now, though, much of the concern surrounding eavesdropping has been replaced by worries about more recent cybercriminal strategies. At the same time, hackers haven’t forgotten about legacy attack styles – in fact, evidence shows that these are still very much in place and utilized today.

This can create a dangerous scenario in which businesses are so preoccupied with emerging threats that protections against older hacking strategies fall by the wayside. In the current threat landscape, cybercriminals utilize an array of attack strategies, both old and new, and enterprises must have varied defenses to safeguard their assets.

VoIP under attack?

In the past, eavesdropping centered around SIP connections and VoIP calls and garnered considerable concern on the part of enterprises. This is understandable, especially when one thinks about all the sensitive information discussed over one-on-one and conference calls.

According to a report from EdgeWater Networks, while this style of attack is nothing new – eavesdropping through SIP has been around since the early 2000s – hackers have been reviving the approach recently to snoop and steal data. Because many corporate SIP deployments don’t include adequate security, it’s a simple process for cybercriminals to leverage these weaknesses as entry points.

“The reality is that the SIP protocol and the average company’s approach to securing it doesn’t take a hacking mastermind to exploit,” wrote EdgeWater Networks contributor Rosa Lear.

What’s more, IBM Managed Services data showed that SIP is now the top target when it comes to VoIP protocols, comprising 51 percent of attacks in 2016.

Beyond VoIP: WiFi eavesdropping

While SIP attacks are still taking place – often due to a lack of proper security and weak passwords – this isn’t the only concern surrounding eavesdropping.

As Trend Micro Cyber Threat Researcher Jindrich Karasek pointed out, WiFi networks aren’t immune to eavesdropping. With more devices being connected than ever before, this can create a significant number of exploitable endpoints open to hackers.

“Every device exposed to the internet could be a possible entry point for attackers. For example, if a surveillance camera doesn’t have encrypted traffic while it’s connected to a WiFi network, an attacker can snoop on the footage in a given environment,” Karasek wrote. “Wireless networks can be seen as inherently [insecure], potentially inviting unauthorized access by strangers who could pry into transmitted data. While various security protocols have been developed to protect wireless networks, weaknesses in the protocols themselves have cropped up over the years.”

Similar to weaknesses surrounding SIP that can enable hackers to eavesdrop within VoIP systems, WiFi protocols including the Wired Equivalent Privacy (WEP) encryption protocol have identified flaws as well. In 2001, researchers Scott Fluhrer, Itsik Mantin and Adi Shamir demonstrated how WEP could be leveraged to allow hackers to passively monitor and access network traffic. This approach later became known as the FMS attack.

WiFi eavesdropping: Not a difficult feat for hackers

Adding to the issue here is the fact that these attacks are certainly not a challenge for today’s hackers to pull off. Simple equipment, including a wireless device armed with specific open-source and publicly available tools, alongside an adequate amount of network traffic, is all cybercriminals need.

As Fluhrer, Mantin and Shamir explained, through passive monitoring of WEP traffic, hackers can view, in plaintext, the first few bytes of most packets. From here, they’re able to sniff enough packets to retrieve a password, and leverage these credentials to launch further attacks.

“The shorter the password, the faster the decryption process,” Karasek noted. “For example, a short password like ‘hackm’ can only take four minutes to decode.”

Public and insecure wireless networks provide easy entry for cybercriminals’ malicious eavesdropping.

Scenarios that can open the door to malicious eavesdropping

How do you know if your organization is at possible risk of this type of attack? There are certain situations in which conditions are right for hackers to carry out this kind of malicious activity:

  • Weak endpoint passwords: As noted, weak passwords can all but provide a wide open door to hackers. With currently available tools supported by strategies like social engineering and brute force, it doesn’t take cybercriminals long to crack a simple or obvious password.
  • Default device settings: Default passwords and factory settings can be even worse. This includes both endpoint user devices and, in particular, routers. As IT Toolbox contributor Will Kelly pointed out, default configurations should always be changed ahead of completing a deployment. This encompasses VoIP phones and all other endpoints connected to the network.
  • Branch offices: Organizations with branch locations – including banks and insurance providers – are at a particularly heightened risk for eavesdropping attacks. These remote locations are often the most disconnected from the core IT team, and, as a result, may not be completely compliant with the business’s network and security policies, making overall protection and necessary monitoring a challenge.
  • Open and insecure networks: Use of public WiFi networks, such as those available in coffee shops, airports and other areas can also provide the ideal setting for hackers to carry out eavesdropping and subsequent attacks.

“An attacker can just pretend to sit and wait in a lobby, enjoy his coffee, and while away his time, or just use his phone while standing nearby,” Karasek described. “Footage check of security feeds would not help as the activity would look like normal browsing or the device could be hidden in a bag or otherwise obscured during the whole attack.”

While this individual may appear to be a normal bystander, he is actually eavesdropping on network activity, working to decode a weak password or monitor other traffic.
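One way to check a site for the WEP and open-network conditions described above is to audit a wireless scan taken on the premises. The following is an added example, not code from the original article; it assumes the scan comes from `nmcli -t -f SSID,BSSID,SECURITY device wifi list` on a Linux host, and the SSIDs and BSSIDs in the sample are constructed.

```python
# Constructed sample of terse nmcli output (assumption: SSID,BSSID,SECURITY fields).
# Terse mode separates fields with ':' and escapes literal ':' and '\' with '\'.
SAMPLE_SCAN = r"""
HQ-Corp:02\:00\:00\:00\:00\:01:WPA2 802.1X
Branch-Lobby:02\:00\:00\:00\:00\:02:
Branch-Cameras:02\:00\:00\:00\:00\:03:WEP
Guest\:Cafe:02\:00\:00\:00\:00\:04:WPA1 WPA2
"""


def split_terse(line):
    """Split one terse nmcli line on unescaped ':' and undo the escaping."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # keep the escaped character literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def classify(security):
    """Map the SECURITY column to the two conditions the article names."""
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return "open"   # no encryption: traffic is readable by anyone in range
    if "WEP" in tokens:
        return "wep"    # WEP: key recoverable from passively captured traffic
    return "ok"


def audit(scan_text):
    """Return (ssid, bssid, finding) for every open or WEP network in the scan."""
    findings = []
    for line in filter(None, (l.strip() for l in scan_text.splitlines())):
        fields = split_terse(line)
        if len(fields) != 3:
            raise ValueError(f"unexpected scan line: {line!r}")
        ssid, bssid, security = fields
        finding = classify(security)
        if finding != "ok":
            findings.append((ssid, bssid, finding))
    return findings


if __name__ == "__main__":
    for ssid, bssid, finding in audit(SAMPLE_SCAN):
        print(f"{finding.upper():5} {bssid}  {ssid}")
```

Running the same audit at each branch location gives the core IT team a comparable list of networks that need to be reconfigured or retired.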

Safeguarding against eavesdropping

Because eavesdropping is still taking place within legacy SIP connections as well as more updated WiFi and other network protocols, it’s important that all endpoints and entryways into the network are secure.

This includes using more robust credentials as opposed to weak, simple passwords and default settings. In addition, firewalls and the establishment of virtual private networks should be put in place when appropriate.

Advanced solutions like Trend Micro Deep Security, which can offer deep packet inspection and intrusion prevention, as well as OfficeScan endpoint protection, can help ensure robust safeguarding against unauthorized activity.
