Recently there has been a spate of DDoS (distributed denial of service) attacks on VoIP (voice over internet protocol) providers, taking them offline. In fact, according to Lumen – which offers a DDoS Mitigation service – the firm mitigated 35% more attacks in Q3 than in the previous quarter.
Among the most recent VoIP providers to fall foul of a DDoS attack is Telnyx, which has customers across the world. This followed attacks which impacted VoIP providers including RingCentral, Twilio, DialPad and Phone.com.
The most common form of denial of service (DoS) attack is when a website is flooded with requests and simply stops responding. Unlike other cyber crimes, DoS attacks don’t breach your security.
A DDoS attack is a little different in that it takes advantage of the specific capacity limits that apply to any network resources – such as the infrastructure that enables a company's website. They can involve multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic. This is intended to make a company’s website and servers unavailable to legitimate users. DDoS attacks are usually opportunistic and hard to mitigate.
These attacks can come in short bursts or repeat assaults; Lumen says that the longest attack on a customer lasted two weeks, a period which could have a devastating impact on the majority of businesses. The business could take months to recover, if it ever does. DDoS attacks not only cost an organisation money, in terms of lost sales and compensation payments and/or ransom payments, but can lead to a loss of trust by customers and long-term damage to a company’s reputation.
While DDoS attacks are a fairly simple way of disrupting a victim’s business, more recently attackers have used them to extort ransom payments from the companies affected. In fact, DoS attacks of any kind are now very much part of the arsenal of ransomware operators who are looking to extort money from victims, along with data theft, encryption and harassment (telling your stakeholders that you’ve been hacked).
There does seem to be a particular emphasis on targeting the UK from cyber gangs, potentially because the US has been quicker and firmer about stamping down on these gangs with offensive actions, having seen the country targeted in ways which pushed up meat prices, shut down schools, delayed legal cases and led to fuel shortages. There is also an ‘understanding’ – for want of a better word – in the US that the gangs won’t target the VoIP operations of essential services, such as health services.
While this seems like something from a sci-fi film, the truth is that the big corporations with funds and expertise to fight back are becoming less attractive to cyber gangs and they are setting their sights lower. This means that mid or even small-sized businesses are far from safe.
Any business will find it hard to prevent a DDoS attack – cybercriminals are clever and ruthless. But it is worth monitoring your traffic for things like unexplained spikes and unusual visits from IP addresses. You could also get your IT team to keep an eye on social media for news of any potential threats – which might even come from arrogant cybercriminals themselves. There are also businesses which offer third party DDoS testing and DDoS mitigation solutions.
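One way to carry out the traffic check described above, as an added example that is not part of the original post: it counts requests per minute in web access log lines, flags minutes far above the median, and lists the busiest addresses that are not on a known list. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Assumed format: common-log-style lines; captures client IP and the minute.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def parse(lines):
    """Yield (ip, minute) for each well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def find_spikes(lines, factor=5.0, min_requests=20):
    """Return minutes whose request count exceeds factor x the median minute."""
    per_minute = Counter(minute for _, minute in parse(lines))
    if not per_minute:
        return []
    baseline = median(per_minute.values())
    return sorted(m for m, n in per_minute.items()
                  if n >= min_requests and n > factor * baseline)

def unusual_ips(lines, known_ips, spike_minutes, top=3):
    """Return the busiest IPs seen during spike minutes that are not in known_ips."""
    hits = Counter(ip for ip, minute in parse(lines)
                   if minute in spike_minutes and ip not in known_ips)
    return hits.most_common(top)

def build_sample():
    """Constructed log (documentation IP ranges): 10 quiet minutes, burst at 10:05."""
    fmt = '{ip} - - [12/Oct/2021:10:{mm:02d}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for mm in range(10):
        for i in range(4):  # regular visitors, 4 requests per minute
            lines.append(fmt.format(ip=f"192.0.2.{10 + i % 2}", mm=mm, ss=i * 10))
    for i in range(90):     # burst from two addresses not seen before
        ip = "198.51.100.7" if i < 60 else "198.51.100.8"
        lines.append(fmt.format(ip=ip, mm=5, ss=i % 60))
    lines.append("malformed line")  # shows that bad input is ignored
    return lines

if __name__ == "__main__":
    sample = build_sample()
    spikes = find_spikes(sample)
    print("Spike minutes:", spikes)
    print("Unusual IPs:", unusual_ips(sample, {"192.0.2.10", "192.0.2.11"}, spikes))
```

Comparing against the median rather than the mean keeps the baseline from being dragged upwards by the burst itself.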
As we said, these attacks can be difficult to mitigate, so it is good to have a plan in place regarding how your business will respond if you are subject to one. It’s sensible to have a team in place who are ready to respond, with the goal of minimising the impact of any attack. This would obviously involve your IT team, but also your client and communications teams. As we discussed in a previous blog, when something bad happens it’s always good to be upfront with customers. Be honest about what has occurred, what impact it’s had and what you are doing about it.
In many ways, it’s important not to put all your communication ‘eggs’ in your website basket. You need to make sure that you’ve got a way of communicating with your customers in the event of an attack that’s not connected to your website or not likely to be compromised at the same time – whether that’s by email or via social media.
In the event of an attack, think about who has the passwords to your social media and where these are stored. If they are in a password vault, would this be encrypted by ransomware? It could be a good idea to store these important passwords separately, perhaps on a laptop locked away somewhere away from your office.
As we wrote about during the start of the pandemic, every business needs a disaster recovery plan and, as part of this, a good communication plan. During the recent attacks on VoIP providers, customers complained that they didn’t feel informed. As ever, good communication and making sure you have plans in place to achieve this are vital.
If you’ve got any questions about this complex area, do get in touch with our team at Lake Solutions on tel: 020 3397 3222.