Telephony Is Now an Attack Vector: How Security Is Changing in Unified Communications

For a long time, Unified Communications operated under a comfortable assumption:
voice was a lower‑risk channel than email or messaging.

Firewalls, anti‑phishing engines, EDR, DLP—almost all security controls were designed around email and files, while telephony lived in a safer zone. Important for the business, yes—but largely outside the security spotlight.

That assumption no longer holds.

Today, telephony—especially inside collaboration platforms—has become a real attack vector, and vendors themselves are starting to treat it that way.


This shift isn’t theoretical: real incidents already exist

Microsoft recently published an analysis of a real incident investigated by its incident response team (DART), in which an attacker used Microsoft Teams calls to impersonate IT support and convince users to grant remote access. No software vulnerabilities were exploited—only voice‑based social engineering inside a trusted platform. (You can read more about this here.)

The pattern is consistent and effective:

  • a direct Teams call
  • impersonation of IT, support, or a trusted vendor
  • urgency and believable context
  • implicit user trust (“it’s Teams”, “it’s internal”)

No malicious links.
No attachments.
No signatures a traditional filter can block.

Just voice, real‑time pressure, and trust.


Why this changes the rules for UC

These attacks expose an uncomfortable truth for Unified Communications:

Voice is no longer just communication. It’s real‑time interaction with direct impact on identity and endpoints.

Modern UC platforms combine:

  • corporate identity
  • managed devices
  • access to privileged users
  • psychological pressure in real time

That combination makes them highly attractive targets for advanced social‑engineering attacks.

Microsoft has been explicit about this: attackers are using Teams Calling as an alternative “front door”, where traditional security controls are either delayed or ineffective.


The first visible signal: security telemetry enters voice

It’s not accidental that Microsoft is introducing capabilities to report suspicious calls in Teams, something that simply didn’t exist in traditional UC environments.

Features like this:

  • acknowledge telephony as part of the threat model
  • turn users into sensors
  • generate security signals that previously didn’t exist

The feature itself doesn’t solve the problem—but it marks a clear inflection point: voice is now being treated as a channel that can (and should) generate security telemetry.


The uncomfortable reality: UC and security still operate in silos

This is where the discussion stops being technical and becomes organizational.

In many companies:

  • UC teams manage quality, numbers, devices, and user experience
  • Security teams manage identity, alerts, and incident response
  • Telephony sits somewhere in between—with no clear security ownership

The outcome is predictable:

  • fraudulent calls go unreported
  • users don’t know what to do
  • UC admins lack visibility
  • SOC teams never see the signal

When an incident happens, no one was actually watching that channel.


This isn’t just a Microsoft Teams problem

While recent examples come from Microsoft Teams, the issue is broader:

  • collaboration platforms concentrate identity and trust
  • VoIP enables global reach
  • users are conditioned to respond quickly
  • attacks don’t rely on malware

Zoom, Google Meet, and any collaboration platform offering real‑time calling face the same challenge:
how do you secure a channel designed to establish immediate trust?


What this means for the UC administrator role

This is the real shift.

Managing Unified Communications is no longer just about:

  • call quality
  • devices and numbers
  • resolving voice tickets

It now also requires:

  • understanding how voice fits into the security model
  • working with SOC and security teams
  • defining what constitutes a suspicious call
  • deciding what signals are collected—and who reviews them

Not because UC has suddenly become insecure, but because the threat landscape has changed.
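
One way a UC and SOC team could write down "what constitutes a suspicious call" as a rule both can review, shown here as an added example that is not from Microsoft or from the original post. The record fields, tenant labels, keyword list and 30-minute window are hypothetical, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are a hypothetical export schema,
# not the format of any real Teams or endpoint log.
CALLS = [
    {"time": "2025-01-14T09:02:00", "callee": "ana@corp.example",
     "caller_name": "IT Help Desk", "caller_tenant": "ext-a", "user_reported": False},
    {"time": "2025-01-14T09:30:00", "callee": "luis@corp.example",
     "caller_name": "Marta Ruiz", "caller_tenant": "corp", "user_reported": False},
    {"time": "2025-01-14T10:15:00", "callee": "eva@corp.example",
     "caller_name": "Vendor Support Team", "caller_tenant": "ext-b", "user_reported": True},
]
ENDPOINT_EVENTS = [
    {"time": "2025-01-14T09:09:30", "user": "ana@corp.example", "event": "remote_access_started"},
    {"time": "2025-01-14T13:00:00", "user": "luis@corp.example", "event": "remote_access_started"},
]
HOME_TENANT = "corp"                                   # assumption: our own tenant label
SUPPORT_WORDS = {"it", "helpdesk", "desk", "support"}  # whole-word match only
WINDOW = timedelta(minutes=30)                         # assumption: correlation window

def score_call(call, endpoint_events):
    """Return the list of reasons this call deserves review (empty if none)."""
    reasons = []
    if call["user_reported"]:
        reasons.append("reported by user")
    if call["caller_tenant"] == HOME_TENANT:
        return reasons                     # internal caller: only a user report counts
    reasons.append("external caller")
    if set(call["caller_name"].lower().split()) & SUPPORT_WORDS:
        reasons.append("support-style display name")
    start = datetime.fromisoformat(call["time"])
    for ev in endpoint_events:
        when = datetime.fromisoformat(ev["time"])
        if ev["user"] == call["callee"] and start <= when <= start + WINDOW:
            reasons.append("remote access started soon after call")
            break
    return reasons

def triage(calls, endpoint_events, threshold=2):
    """Calls for SOC review as (callee, reasons), most reasons first."""
    scored = [(c["callee"], score_call(c, endpoint_events)) for c in calls]
    hits = [h for h in scored if len(h[1]) >= threshold]
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)

if __name__ == "__main__":
    for callee, reasons in triage(CALLS, ENDPOINT_EVENTS):
        print(callee, "->", "; ".join(reasons))
```

The rule only works if call records and endpoint events reach the same place, which is the ownership question the list above raises.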


Voice has returned as an attack vector—but this time inside enterprise collaboration platforms, where trust is the core asset.

Ignoring this is no longer an option.
Reacting without structure isn’t either.

👉 As UC administrators, it’s worth asking:

  • Is telephony included in our security model?
  • Who owns voice‑based incidents: UC or security?
  • Do we actually have visibility, or are we still blind?

This conversation is only just beginning, and it will likely shape how Unified Communications is managed over the next few years.

If you work in UC and have already seen fraud attempts via calls—or if this topic isn’t on your radar yet—this is the right time to talk about it, before it shows up as an incident.
