Cybercriminals have launched several distributed denial-of-service (DDoS) attacks against voice over IP (VoIP) service providers in September 2021. Some of the attacks also involve ransomware infections. And the number of DDoS against VoIP providers could increase in the months and years to come, new research says.
The situation could be especially challenging for MSPs that resell third-party VoIP services. If VoIP outages and quality-of-service (QoS) issues pop up, resellers and MSPs often have little recourse except to tell end-customers that the issue is beyond their scope and outside of their control.
DDoS Attacks: VoIP Service Providers Under Pressure
Reported DDoS attacks against VoIP providers in September 2021 include:
1. Bandwidth: Bandwidth CEO David Morken on September 28 released a statement regarding a DDoS attack against his company. Morken indicated that cybercriminals targeted Bandwidth and other critical communications service providers as part of a "rolling DDoS attack." He also noted that Bandwidth is working "around the clock" to minimize the attack's impact.
2. VoIP.ms: VoIP.ms experienced a DDoS attack on September 16, Bleeping Computer reported. Cybercriminals targeted the company's DNS name servers and other infrastructure during the attack. In addition, they disrupted the business' telephony servers and prevented its customers from using them to make phone calls.
3. Voip Unlimited: Cybercriminals demanded a ransom as part of a DDoS attack against Voip Unlimited, according to The Register. Voip Unlimited's services remained operational during the attack. Meanwhile, the attack may have been launched by REvil hackers.
4. Voipfone: Voipfone experienced outages across its voice, inbound and outbound calls and SMS services due to a DDoS attack, the Register indicated. The company stated the attack began September 28. Voipfone also said it had been hit by "a further DDoS attack" after its initial attack.
To help customers mitigate or avoid DDoS attacks, DataCanopy says MSPs and MSSPs can:
- Recommend content delivery network (CDN) networks to end-customers.
- Explore emerging products that can detect the attacks and the source IP addresses. These devices can work with various carriers to report the source IP addresses and block them.
- Leverage a syslog server or some means to collect log files from the network endpoints. Such tools can provide valuable data about the attack.
Bracing for Black Storm Attacks?
Along with these DDoS attacks, "Black Storm" attacks could impact communications service provider (CSP) networks, DDoS protection software company Nexusguard stated.
Cybercriminals can launch a Black Storm attack more easily than other types of DDoS attacks, according to Nexusguard. During a Black Storm attack, hackers can leverage any device internet-connected to cripple CSP networks and terminate medium to large-sized enterprises "in a clean sweep."
CSPs can perform vulnerability scans, apply access controls to routers and use deep learning-based threat detection methods to guard against Black Storm attacks, Nexusguard pointed out. They also can analyze security data quickly to identify Black Storm attacks and other cyber threats before they cause serious damage.