Updated November 8th, 2021.

On September 16th, the VoIP provider, VoIP.ms, began dealing with a ransom DDoS (Distributed Denial of Service) attack. It took down almost all their services and portals, leaving the majority of their customers without phone services. The threat actors targeted both DNS name servers and direct IP addresses. Within the first couple of days, REvil took ownership and demanded payment. Before the 16th, multiple other VoIP providers in the UK had also been attacked.

Because of this, Bill reached out to our VoIP partner on September 23rd, bringing up his concern that a similar attack would occur again and impact our team and clients. A mere two days later, his prediction came true. Bandwidth.com, one of the main telephone providers for US VoIP companies, was attacked by REvil, the same group that hit VoIP.ms, Kaseya, and BMS this year. The impact trickled down to many major VoIP providers for businesses like ours. One of our clients was noticeably impacted, but Bill kept all of our clients with the VoIP partner’s system up to date, just in case. Issues revolved around inbound calls to auto attendants, outbound calls, and dropped calls. Around the end of business yesterday (September 28th), things thankfully started to slow down after a rough start to the week.

So, even though the problem didn’t impact our company’s clients too much, and is largely resolved, why should we still care? Because VoIP services are reliant on the Internet, servers and endpoints must be publicly accessible. Therefore, they are a prime DDoS target. With ease, the hackers are simply jumping from one carrier to the next, resulting in people running into hurdle after hurdle. “Computer software, gaming, gambling, IT and Internet companies [have seen] an average increase in attacks of 573% compared to the previous quarter.” Attacks are increasing due to the Internet of Things and increased resources are leading to larger attacks. They’re occurring due to “unauthorized network access through phishing, vulnerability exploitation, and ransomware deployment when coupled with data exfiltration.”  How did we get out of this mainly unscathed? One, not all of our clients use the same VoIP provider. Two, we have not switched carriers, which often causes victims to get attacked twice. Three, our team uses separate systems for calling and texting. Therefore, even if our phones were to go down, we’d still have both text and email to communicate with our clients and address tickets. Of course, this separation does not mean you’re bulletproof, but at least it isn’t a one-stop-shop attack. All in all, criminals are beginning to realize that “attacking the non-web servers of the Internet’s global VoIP providers [is] a new revenue source for extortion demands.”

If you’re worried about being a victim of a multi-day VoIP outage, contact us to create an incident response plan or to discuss your options. To learn more about the VoIP services we provide, click here. You’d be making the proactive choice, because “we may be at the beginning of a new era of cryptocurrency-enabled DDoS-driven extortion.”