DDoS Attacks Are Targeting VoIP Providers – How Secure Is Your Business?

A series of high-profile cyberattacks hit the headlines in 2021. However, the latest threat is one that is specific to communication service providers (CSPs). 

Recently we’ve seen several distributed denial of service (DDoS) attacks targeting VoIP providers, causing voice outages. A DDoS attack is a flood of fake requests and traffic to a company’s website or service. The requests can overwhelm a company, leading to users being unable to access its services. 

One recent victim was US-based Bandwidth.com, which experienced disruption of its voice and messaging services. Alongside Bandwidth, other critical communications service providers such as VoIP.ms, Voip Unlimited and Voipfone have been targeted as part of a “rolling” DDoS attack. 

Of course, VoIP providers don’t just provide voice services to businesses. They also provide a platform for many emergency services to handle call traffic. As such, these latest attacks have caught the attention of lawmakers, with the FBI now investigating the attack against Bandwidth.com. And in the UK, if the attacks have the ability to take down 999 services, they are classed as a terrorist threat. 

The situation presents a particular challenge for channel partners that resell third-party VoIP services. If VoIP outages and quality-of-service (QoS) issues pop up, partners can do little except tell their customers that the issue is outside of their control. 

“There’s lots of instability at the moment because lots of partners and SIP providers are not able to defend against the attacks,” said Ian Rowan, Senior Channel Manager at Wildix UK. 

The goal of the attacks in many cases is to elicit payment from the companies. The perpetrators of the attack against Voip.ms demanded that the company pay 100 bitcoins, or around $4.2 million, to stop the DDoS attack. 

Once attacked, there is also a high chance that the companies will be targeted again – Voipfone also said it had been hit by “a further DDoS attack” after its initial attack. 

Open vs Closed Networks

“The problem is some VoIP providers use open-faced platforms that can be accessed via the internet,” said Rowan, who added that Wildix isn’t in the same vulnerable position to attack. 

“A standard SIP provider’s services have to be open to the outside world because they don’t know where customers are going to be. We are not susceptible to those same attacks because of the way our network is designed. On Wildix we’re only providing Wildix call termination to Wildix PBXs. So, we know where they’re coming from, or we can accept traffic from Wildix customers and not from anyone else. Ours is a closed network, whereas everybody else is an open network.” 

While these DDoS attacks are currently causing great concern among CSPs, the worst may be to come. DDoS attacks rose by a staggering 233% in the first half of 2021. 

Meanwhile, research has identified ‘Black Storm’ attacks that could further impact CSP networks. A report by cyber firm Nexusguard says cybercriminals can launch a Black Storm attack more easily than other types of DDoS attacks. During a Black Storm attack, hackers can leverage any device internet-connected to cripple CSP networks and terminate medium to large-sized enterprises in a clean sweep. 

As a partner, it is vital your VoIP provider is taking every measure to ensure it is as secure from attack as possible, or it could, unfortunately, find itself making headlines in the future.