VoIP systems are dynamic, complex, and oftentimes require different tools than what a legacy firewall can provide, making the issue of telephony security a challenging one. Companies need to ensure that lines of communication are open and working well, so many are reluctant to put too many layers of defense on top of their telephony solution.
Unfortunately, hackers have become aware of this likely gap in defense, and have started to take advantage of it. A new class of attack targeting call centers, called telephony denial of service (or TDoS), have started appearing by the dozens.
Like other denial of service (DoS) attacks, TDoS attacks seek to clog lines and interrupt regular business with a flood of false traffic. In the case of TDoS attacks, the attacker floods telephone (VoIP or traditional) lines at a call center with repeated calls from spoofed numbers, clogging lines for up to several hours and inhibiting real users from connecting. The goal of these attacks may differ. In some cases, they could be the work of activists or pranksters just trying to cause trouble.
In other cases, attackers try to monetize the attack by first extorting the victim. In a recent case, attackers posed as collections agents and dialed a call center, demanding payment of thousands of dollars for a false debt when someone answered. When the victim refused to pay and hung up, the TDoS attackers started.
As compared to large bandwidth DDoS attacks, TDoS attacks don't take many computing resources or technical know-how. It is fairly easy to clog a phone line by simply calling it over and over again. Attackers employ VoIP automation scripts to dial the victim's phone number, hang up, and then redial repeatedly, overwhelming the line and making it impossible for other calls to come through. And because the attackers are able to use spoofed numbers, it is difficult for the victim to differentiate between a TDoS call and a real call.
In the most recent TDoS attacks, that targets were emergency services, such as ambulance or air ambulance services. For organizations like these, it is critical that phone lines remain open and available to ensure prompt response to emergency situations. This is where the major concern lies in these types of phone system attacks.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.