On how VoIP attacks foster the malicious call ecosystem

Switched telephone networks are a key and ubiquitous infrastructure. Recent technological advances have integrated modern and inexpensive systems into these networks in order to use the Internet to place calls via Voice over IP (VoIP). The evolution of this technology has also led to an increase in...

Descripción completa

Detalles Bibliográficos
Autores: Carrillo Mondéjar, Javier, Martínez Martínez, José Luis, Suárez Tangil, Guillermo
Tipo de recurso: artículo
Fecha de publicación:2022
País:España
Institución:Universidad de Castilla-La Mancha
Repositorio:RUIdeRA. Repositorio Institucional de la UCLM
OAI Identifier:oai:ruidera.uclm.es:10578/36266
Acceso en línea:https://doi.org/10.1016/j.cose.2022.102758
https://hdl.handle.net/10578/36266
Access Level:acceso abierto
Palabra clave:Honeypots
VoIP
Cybercrime
Telephony fraud
Underground economy
Robocalls
Attacks
Descripción
Sumario:Switched telephone networks are a key and ubiquitous infrastructure. Recent technological advances have integrated modern and inexpensive systems into these networks in order to use the Internet to place calls via Voice over IP (VoIP). The evolution of this technology has also led to an increase in the number and sophistication of the techniques used by criminals to commit fraud. Specifically, with the emergence of VoIP, attackers can now adapt tools commonly used by cybercriminals, such as botnets, to make their attacks more complex and insidious. For example, through bots they can dial multiple numbers automatically, enabling them to target a greater number of victims, and do so more quickly. While recent studies have shed light on how certain parts of this ecosystem work, it is still unclear how attacks on VoIP systems contribute to this type of fraud. This paper presents a novel VoIP honeypot that captures voice interactions, in addition to employing low-level telemetry. With the study of how attackers obtain access to our honeypot and the actions they perform, we present an overview of the most prevalent types of fraud used in this ecosystem, including unique insights into the origin of the attacks and the destination of calls made through our architecture. Finally, we analyze in depth the actions taken to study the different types of telephony fraud.