The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.
Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi trigged a buffer overflow against a demonstration system.
More information on this from: DTMF Telephony Denial of Service (TDoS) Issues for IVRs
Since most of these attacks simply involves transmission of DTMF, they are very easy to execute and automate. These vulnerabilities could impact any IVR, whether it is TDM, VoIP, the latest UC, etc.