Since the beginning of September 2021, several Voice-over-IP (VoIP) communication providers have been attacked by a highly effective DDoS extortion campaign. The attacks resulted in failures and disruptions in VoIP operations and services around the world.
In early October, the number of DDoS extortion attacks increased worldwide, affecting both wholesale and retail VoIP providers. In these attacks, the attackers tried to put the targeted organizations under massive pressure so that they would make extortion payments in cryptocurrency in return for stopping the attacks. It should be pointed out again that paying a ransom is no guarantee that the attacks will stop and could even lead to an increase in demands.
DDoS extortion attacks - ransom or paralyze
The attackers used well-known DDoS attack vectors, which in many cases can paralyze the business-critical services of unprepared VoIP operators. In some cases, the suboptimal placement of stateful firewalls in front of SIP / RTP session border controllers (SBCs) and VoIP telephone systems impaired the availability and resilience of the affected SIP / RTP VoIP infrastructure, and thus made the affected elements of service delivery more vulnerable to disruption from DDoS attacks.
Similarly, the lack of situational network access control policies implemented via access control lists (ACLs) on hardware-based routers and / or Layer 3 switches has allowed attackers to negatively impact some SIP / RTP VoIP operators.
DDoS vectors for more attack traffic
These attacks used UDP reflection / amplification DDoS vectors to generate DDoS attack traffic that is clearly outside the profile of VoIP services.
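The point above about router ACLs and attack traffic that falls outside the VoIP profile, as an added example that is not from the original article or from Netscout: a stateless, ordered ACL check run over constructed flow records. The SBC subnet, the RTP port range and the list of reflector source ports are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed deployment values, not taken from the article.
SBC_NET = ip_network("192.0.2.0/28")      # addresses of the session border controllers
SIP_PORTS = {5060, 5061}                  # SIP signalling
RTP_PORTS = range(10000, 20001)           # media range configured on the SBC
# Source ports of UDP services commonly abused as reflectors (illustrative list).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"

def acl_decision(f: Flow) -> tuple:
    """Return (verdict, reason) the way an ordered, stateless router ACL would."""
    if ip_address(f.dst) not in SBC_NET:
        return ("permit", "not addressed to an SBC")
    # Checked first: reflected replies keep the reflector's source port even
    # when they are aimed at the SIP or RTP destination ports.
    if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
        return ("deny", "reflected " + REFLECTOR_PORTS[f.sport])
    if f.dport in SIP_PORTS:
        return ("permit", "SIP signalling")
    if f.proto == "udp" and f.dport in RTP_PORTS:
        return ("permit", "RTP media")
    return ("deny", "outside VoIP profile")

# Constructed flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    Flow("203.0.113.9", 5060, "192.0.2.5", 5060, "udp"),    # SIP peer
    Flow("203.0.113.9", 16384, "192.0.2.5", 12000, "udp"),  # RTP stream
    Flow("198.51.100.7", 123, "192.0.2.5", 5060, "udp"),    # NTP reply aimed at SIP port
    Flow("198.51.100.8", 53, "192.0.2.6", 41000, "udp"),    # DNS reply to random port
    Flow("198.51.100.9", 40000, "192.0.2.6", 80, "tcp"),    # not a VoIP service
]

def summarize(flows):
    """Count flows per (verdict, reason)."""
    return Counter(acl_decision(f) for f in flows)

if __name__ == "__main__":
    for decision, n in summarize(SAMPLE_FLOWS).items():
        print(n, *decision)
```

Because every rule looks only at addresses, ports and protocol, the same ordering can be expressed as ACL entries on a router or Layer 3 switch without keeping per-session state.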
In contrast to previous campaigns, in which DDoS extortion demands were never viewed by the targeted individuals, the attackers in this campaign took greater care to identify email inboxes that are likely to be actively monitored by the target organizations.
More at Netscout.com