Brute force attack against voice systems is a real, and growing, problem. In a denial-of-service (DoS) attack, the goal is to make a resource unavailable to its intended users, usually in a temporary interruption or suspension of services. DoS attacks are well known in data systems and networks, but can also happen to a telecom system or network.
Not only Service Providers but more and more enterprise organizations experiencing attacks to their PBX and Unified Communications network.
The ‘classic’ TDoS attack
Criminals use low-cost VoIP tools to mount a massive telephone calling campaign, simultaneously bombarding an organization’s phone and IVR systems with electronically generated calls. These brute force attacks cripple the organization’s voice services and stop the organization from conducting business. These calls also serve to circumvent traditional security or fraud measures during the attack.
Low-level attacks can be mounted by individuals all calling the same number simultaneously, but they aren’t as effective as software-generated VoIP attacks.
What are the reasons behind these kind of hacks/attacks?
Political and social terrorism (terrorist groups or social activists) disrupt business and cause financial harm by launching a TDoS attack. Anecdotal reports indicate some competitors will use TDoS attacks against other call centers.
Fraud is another important motivator. Attackers simultaneously flood a call center or customer service staff with bogus calls. They then launch social engineering attacks against contact center agents. Fraudsters have been able to take advantage of the chaos to steal corporate or customer account information that they will later use to defraud the organization or the customer.
Can an organization prepare themselves against TDoS attacks?
The most important part of preparation is to ensure that, during an attack, all unwanted traffic is diverted, while true customers are allowed to connect without interruption.
Unfortunately there is no particular pattern as criminals continue to develop new and innovative tactics every day. In general, these attacks are recognized due to the massive increase in call volume and the virtual shut-down of the telephony systems, blocking all or most legitimate inbound and outbound calling.
In addition, VoIP calls, which can be identified, will soar in volume. Spoofed ANI numbers may be detected and other patterns will be recognized. Attacks may also be more likely during presumed call center or IVR maintenance periods, or may emanate from foreign countries in unusual volumes.
What is the ‘future’ of TDoS?
As with the massive Dyn distributed DoS attack via Internet of Things devices this month, TDoS attacks will continue to grow both in the number of occurrences as well as in severity. Anyone or any organization that uses telephones is a potential victim.
So don’t wait, take action and prepare yourself before your organization is the next victim!