Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

DHS Warns of Telephone Denial-of-Service (TDoS) Attacks

A DHS Fusion Center bulletin is warning telecom providers about the emergence of denial-of-service attacks aimed at VoIP services. The warning was leaked to reporter Brian Krebs, and has since been forwarded to several law enforcement agencies and call centers.

A DHS Fusion Center bulletin is warning telecom providers about the emergence of denial-of-service attacks aimed at VoIP services. The warning was leaked to reporter Brian Krebs, and has since been forwarded to several law enforcement agencies and call centers.

According to the bulletin, there have been several targeted attacks to the telephone systems of public sector entities. Such attacks have been named TDoS, or Telephone Denial-of-Service – as the attacker launches a high-volume of calls that flood the phone network and prevent legitimate communications from going in or out of the network.

“Many companies and telecom providers were quick to embrace IP-based telephony; the ability to route telephone calls over the Internet instead of over the original POTS-style system has led to all sorts of benefits: simple ways to connect geographically-diverse offices to the same phone system, global relocation of call centers, improved call quality and reliability,” commented Richard Henderson, a Security Strategist for Fortinet.

“On the telecom side of things, it’s almost impossible to find a Central Office where their switching equipment hasn’t moved to IP. The nature of IP-based telephony makes it easy for companies to locate a call center overseas while making the call appear to have come from a domestic number – but that ability to spoof Caller ID can be used for all sorts of mischief as well.”

This spoofing ability has prevented victims of a TDoS attack from identifying the attacker with any degree of success. Victims have described a person with an accent posing as a collections agent, demanding a payment of $5,000 USD from the company due to the actions of an alleged employee.

If payment isn’t made, then the attacks start. Such attacks can last for hours, starting and stopping at random intervals for weeks at a time. The bulletin warns that, “government offices/emergency services are being targeted because of the necessity of functional phone lines.”

The DHS is urging victims to report as much information as they can to the FBI, via the IC3 (www.ic3.gov). In particular, they are interested in call logs and timestamps, as well as the telephone number used by the “collections” agent noting that, “any information you can obtain about the caller, or his/her organization will be of tremendous assistance.”

As it turns out, TDoS attacks are not new. According to SecureLogix, a unified communications security firm in Texas, such attacks were booming last year. “One reason we’re seeing an increase in voice attacks and schemes is the adoption of Voice-over-Internet Protocol (VoIP),” said Mark Collier, SecureLogix CTO and vice president of engineering.

Advertisement. Scroll to continue reading.

“Free IP-PBX software such as Asterisk/Tribox, computer-based call generation tools, and easy-to-access SIP services greatly lower the barrier-to-entry for voice network attackers,” Collier added. “Call generation is set up quickly and used to generate harassing calls, TDoS, voice phishing and SPAM — and for brute-force probe attacks into call center IVRs for account information used for social engineering.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales.

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

Commvault has appointed Pranay Ahlawat as Chief Technology and AI Officer (CTAIO).

More People On The Move

Expert Insights