TDoS: The latest wave of Denial of Service attacks
by Corey Nachreiner - Director of Security Strategy at WatchGuard - Monday, 15 April 2013.
Hackers have been able to weasel their way into computer networks from nearly every direction. From malware to ransomware, and everything in between, cyber crooks are always looking for new ways to steal information and disrupt business-as-usual for monetary gains. While most companies understand the importance of securing their corporate networks, there is one area that is often overlooked, but is becoming an easy target: VoIP systems.



VoIP systems are dynamic, complex, and oftentimes require different tools than what a legacy firewall can provide, making the issue of telephony security a challenging one. Companies need to ensure that lines of communication are open and working well, so many are reluctant to put too many layers of defense on top of their telephony solution.

Unfortunately, hackers have become aware of this likely gap in defense, and have started to take advantage of it. A new class of attack targeting call centers, called telephony denial of service (or TDoS), has started appearing by the dozens.

Like other denial of service (DoS) attacks, TDoS attacks seek to clog lines and interrupt regular business with a flood of false traffic. In the case of TDoS attacks, the attacker floods telephone (VoIP or traditional) lines at a call center with repeated calls from spoofed numbers, clogging lines for up to several hours and inhibiting real users from connecting. The goal of these attacks may differ. In some cases, they could be the work of activists or pranksters just trying to cause trouble.

In other cases, attackers try to monetize the attack by first extorting the victim. In a recent case, attackers posed as collections agents and dialed a call center, demanding payment of thousands of dollars for a false debt when someone answered. When the victim refused to pay and hung up, the TDoS attacks started.

As compared to large bandwidth DDoS attacks, TDoS attacks don't take many computing resources or technical know-how. It is fairly easy to clog a phone line by simply calling it over and over again. Attackers employ VoIP automation scripts to dial the victim's phone number, hang up, and then redial repeatedly, overwhelming the line and making it impossible for other calls to come through. And because the attackers are able to use spoofed numbers, it is difficult for the victim to differentiate between a TDoS call and a real call.
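The call pattern described above (dial, hang up, redial, with a different spoofed caller ID each time) leaves a recognizable trace in call detail records. The following is an added example, not part of the original article; the record layout, thresholds and phone numbers are constructed assumptions. It keys on the dialed line rather than the caller, because spoofed numbers defeat per-caller counting.

```python
from collections import Counter, defaultdict, deque

def sample_cdrs():
    """Constructed records: (epoch_seconds, caller_id, dialed_number, duration_seconds)."""
    cdrs = []
    # Ordinary traffic to a dispatch line: one call every 5 minutes, each lasting minutes.
    for i in range(6):
        cdrs.append((i * 300, f"+1202555010{i}", "+12025550199", 120 + 10 * i))
    # Flood: 40 calls in 80 seconds, each dropped after 2 seconds, new caller ID every call.
    for i in range(40):
        cdrs.append((2000 + 2 * i, f"+130355501{i:02d}", "+12025550199", 2))
    # A second line that only sees ordinary traffic.
    for i in range(5):
        cdrs.append((1900 + 60 * i, f"+1202555011{i}", "+12025550150", 90))
    return sorted(cdrs)

def busiest_caller(cdrs):
    """Highest call count for any single caller ID (what a per-caller limit would see)."""
    return max(Counter(caller for _, caller, _, _ in cdrs).values())

def detect_tdos(cdrs, window=60, min_calls=20, short_secs=5, short_ratio=0.8):
    """Return {dialed_number: time_of_first_alert} for lines with a suspected call flood.

    A line is flagged when, inside a sliding window, it receives at least
    min_calls calls and at least short_ratio of them last short_secs or less.
    Thresholds are illustrative and need tuning against a site's normal volume.
    """
    recent = defaultdict(deque)  # dialed number -> (timestamp, duration) inside the window
    alerts = {}
    for ts, _caller, callee, duration in sorted(cdrs):
        q = recent[callee]
        q.append((ts, duration))
        while q and q[0][0] <= ts - window:  # expire calls older than the window
            q.popleft()
        short = sum(1 for _, d in q if d <= short_secs)
        if callee not in alerts and len(q) >= min_calls and short / len(q) >= short_ratio:
            alerts[callee] = ts
    return alerts

if __name__ == "__main__":
    records = sample_cdrs()
    print("max calls from one caller ID:", busiest_caller(records))
    print("flagged lines:", detect_tdos(records))
```

On the constructed data no caller ID appears more than once, so a per-caller threshold never fires, while the per-line window flags the dispatch number on the 20th flood call.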

In the most recent TDoS attacks, the targets were emergency services, such as ambulance or air ambulance services. For organizations like these, it is critical that phone lines remain open and available to ensure prompt response to emergency situations. This is where the major concern lies in these types of phone system attacks.

The Department of Homeland Security asks that organizations afflicted with this type of attack contact them, or the FBI, for further investigation. But it is important that businesses and call centers take precautions to safeguard their phone systems before an attack occurs. While you can't always keep a VoIP system behind the same firewall as the rest of the corporate network, it is important that companies of all sizes take steps to secure their VoIP and telephony systems.

VoIP systems are like any other computer network system, and thus require protection from the same classes of cyber attacks as any other network server. While legacy firewalls may have trouble properly handling the unique requirements of VoIP systems, many modern security appliances have application layer gateways (ALG) designed specifically to handle VoIP-specific protocols. Some of these ALGs can even provide VoIP-specific security functionality, such as preventing SIP directory harvesting, or network level DoS attacks.
