Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals.
The United States’ Federal Bureau of Investigation (FBI) has issued a stark warning about consequences that telephony denial-of-service (TDoS) attacks on call centers could have on people’s lives.
If launched against critical call centers, TDoS attacks could ultimately prevent callers from reaching emergency services such as first responders in time and so pose a legitimate threat to public safety. “The resulting increase in time for emergency services to respond may have dire consequences, including loss of life,” reads the FBI’s public service announcement.
As the name suggests, the goal of TDoS attacks is to overwhelm a telephone system to such an extent that it would be unavailable for the intended users. This is done by keeping up a series of distraction calls going on for as long as possible, flooding the victim’s telephone system, delaying legitimate phone calls or even making it impossible for them to make it through.
While in the past TDoS attacks were conducted manually by encouraging people on social networks to join in calling campaigns to inundate specific telephone numbers, the perpetrators have now evolved their modus operandi and use automated systems.
“An automated TDoS attack uses software applications to make tens or hundreds of calls, simultaneously or in rapid succession, to include Voice Over Internet Protocol (VOIP) and Session Initiation Protocol (SIP). Numbers and call attributes can be easily spoofed, making it difficult to differentiate legitimate calls from malicious ones,” the Bureau explained.
Hacktivism, harassment and financial gain through extortion are among the most common motives for carrying out TDoS attacks. While hacktivists may use computer network exploitation to further their political and social causes, threat actors will resort to TDoS attacks as a way of squeezing municipalities for money.
RELATED READING: 5 ways cybercriminals can try to extort you
written by Amer Owaida, ESET We Live Security