Firewall Firewall Firewall!
You need a VOIP firewall which works with VOIP traffic and phones. A typical firewall will not know a VOIP service and will probably block VOIP protocols randomly. Some might deem it as a DOS attack due to the streaming nature of the VOIP packets. Lock your firewall down to only traffic between the VOIP service an the VOIP server so you don't get random REGISTERs to your VOIP service. Ask if you can get a VPN connection to the voip service. If you have multiple sites, you can also get a virtual firewall service to cover your servers.
Hide your VOIP phone system
The ultimate idea is to hide your server from the Internet world. Once it's hidden, the hackers will not be able to try hacking it. Some points (though not exhaustive) for setting it up.
Upgrade your firmware on your VOIP phones
Secure VOIP provider
Your phone system needs to be able to limit the international calls by enabling prefix match. So only allow +61 calls etc. However, your VOIP provider should be able to stop it at their premises. Most providers do allow any calls to go out and only stops it after damage has already been done to a certain extent.
And finally, always set a pre-determined dollar amount of how much you will spend a day. This way, the VOIP provider will be able to stop all calls when it hits that threshold.
In summary, there are many ways to stop Toll Fraud and Hackers. Much of it is network related but it also depends highly on the VOIP provider.