DDoS attacks aimed at telecom systems are on the rise

DDoS attacks are usually seen as the domain of hacktivists and hackers looking to block – then blackmail – companies that are heavily dependent on their Internet presence.

But, with the rise of botnets for sale, the nature of the attackers ha changed and the options have widened. No longer are just servers and email accounts in danger of getting flooded, but mobile and stationary telephone lines as well.

These so-called Telecommunications Denial of Service (TDoS) attacks are often used by cyber crooks that have managed to access users’ bank accounts and plan to perform transactions that, if noticed by the bank or the client, can be easily blocked or reversed before the money mules manage to extract the stolen money.

Big money transfers detected as unusual often mean that the bank will be calling or emailing the owner of the bank account in order to confirm the validity of the transaction or just to warn the client about it.

But, if his or hers inbox is flooded with tens of thousands of spam messages, it will be difficult to notice the warning coming from the bank.

Likewise, if the bank’s phone call cannot go through to the client because his mobile phone and other phones are bombarded with bogus calls and text messages, hours or even days can pass until they manage to contact the client and, in the meantime, the crooks have run away with the transferred money.

The cyber crooks behind the scheme might not themselves have the capability of performing large enough DDoS or TDoS attacks but, luckily for them, other cyber criminals have and offer their services for reasonable amounts of money.

“Recently, Arbor SERT came across a few advertisements for traditional DDoS services that also included phone attack services starting at $20 per day,” reports Curt Wilson, research analyst at Arbor Networks. “Another DDoS provider has advertised this at $30 per hour, and a third provider also advertising such attacks charges $5 per hour, $20 for 10 hours, and $40 per day.”

SIP (Session Initiation Protocol) systems – whether devices or servers – are also often attacked.

“Once the attackers obtain credentials into a VoIP or other PBX system, that system can become a pawn in their money-making scheme to perform DoS, Vishing, or other types of attacks,” Wilson explains. “Default credentials are one of the security weaknesses that the attackers leverage to gain access to the VoIP/PBX systems, so organizations should ensure that their telecommunications systems credentials are strong enough to resist brute force attack, and that the ability to reach the telephone system is limited as much as possible in order to reduce the attack surface and convince the attacker to move on to the next victim.”

In any case, if you or your company are being flooded with thousands of calls or emails and there is no obvious reason for it, it’s always a good idea to find another phone line and ask the bank to keep an eye out for suspicious transactions.