Cybercriminals' motivations vary. Sometimes the goal is financial; at other times it is to disrupt services and create unnecessary chaos. Threat actors steal sensitive data to trade on the dark web or to demand ransom. But to interrupt the services of a targeted organization, cybercriminals mostly rely on Distributed Denial of Service (DDoS) attacks. DDoS techniques are leveraged more often to target global organizations, taking down their websites and impacting other services.
A massive and co-ordinated DDoS attack recently hit multiple voice over internet protocol (VoIP) services in the U.K. Comms Council UK announced that several of its members had been impacted in a DDoS campaign suspected of running an extortion scheme against VoIP providers across the region.
VoIP providers offer internet-based call services to a range of users and organizations, including agencies in the public sector, the police, and law enforcement departments. In a DDoS attack, cybercriminals make a targeted network or service unavailable to its users by flooding it with unwanted incoming traffic from different sources.
“Several Comms Council UK members and international IP-based communications service providers have been subjected to Distributed Denial of Service (DDoS) attacks over the past four weeks, which appear to be part of a coordinated extortion-focused international campaign by professional cybercriminals,” said Eli Katz, Chair of Comms Council UK.
Comms Council UK could not specify how many firms were affected in the incident, describing the attack as unprecedented. It is suspected that threat actors exploited weaknesses in VoIP providers to cause maximum damage to the services. With employees working from home, the latest attack on VoIP services could cause severe interruptions to internet-based communication services like Teams and Zoom.
“We’re liaising closely with the UK Government, National Cyber Security Centre, Ofcom & international agencies to share information and details about the nature of the attacks in the expectation of halting this criminal activity as quickly as possible. As our members supply telecoms services to critical infrastructure organizations, including the Police, NHS, and other public services, attacks on our members are attacks on the foundations of U.K. infrastructure. We are confident that, with a joined-up Government-led initiative, this damaging criminal activity can be halted,” Katz added.
VoIP Providers Battle DDoS Attacks
This is the second successful, massive DDoS attack in a few days. Recently, attackers hit Canada-based VoIP provider VoIP.ms in a week-long DDoS attack. The company provides internet telephony services to users and organizations across the U.S. and Canada.
“All our resources are still working at stabilizing our website and voice servers due to the ongoing DDoS attacks. We understand the significance of the impact on our clients' operations and want to reassure you that all of our efforts are being put into recovering our service.”
— VoIP.ms (@voipms) September 22, 2021
Rise of DDoS Attacks
The rate of DDoS attacks on global organizations has increased as cybercriminal groups leverage various DDoS techniques to cause severe damage to organizations’ critical systems. A recent analysis from Atlas VPN revealed that cybercriminals launched nearly 5.4 million DDoS attacks in the first half of 2021, an 11% increase compared to the first half of 2020. Out of these, attackers leveraged compromised computer systems and botnet networks in 2.8 million of the attacks.
What Experts Say…
Commenting on the rise and severity of DDoS attacks, Nathan Wenzler, Chief Cybersecurity Strategist at Tenable, said, “By their very nature, DDoS attacks create a huge flood of network traffic, scaling up and dynamically changing the source of the flood. This makes it incredibly difficult for a single defender to stop the bad incoming traffic. It’s for these reasons that organizations must be able to meet these kinds of threats with defenses that can equally scale and be flexible in response to these attacks.”
He added, “Organizations can leverage perimeter-level defenses, which can be maintained by an internal team and operated automatically to detect DDoS traffic and block the incoming traffic dynamically, preventing impact to core critical systems. Additionally, organizations can leverage the services of large-scale Content Delivery Network (CDN) providers who incorporate anti-DDoS technologies into their platforms. These providers typically maintain massive, global network infrastructures which can scale up in response to absorb an incoming DDoS attack. Ultimately, any strategy that can meet the DDoS attack with the same level of automated scaling capabilities while providing an equally dynamic response will be what’s needed to thwart these massive network flood attacks.”