DDoS take down VoIP
Two UK VoIP providers have been under an aggressive DDoS attack since Tue 31 August 2021.
South Coast-based Voip Unlimited has confirmed it has been slapped with a “colossal ransom demand” after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.
Their status page indicates the attack is still ongoing, but they have managed to regain control of their network and the majority of their services are up, with intermittent quality issues, while the attackers pursue their relentless attack.
Unrelated, London-based Voipfone (see status page here) is also still suffering outages on voice, inbound and outbound calls, and SMS services. Like Voip Unlimited, they have also regained control over some of their services, but customers continue to be affected by the attack.
Mark Pillow, MD of Voip Unlimited, told us the company takes “full responsibility of the availability of our services to our clients” and that he is “extremely sorry for all inconvenience caused.”
In a statement, he explained: “At 2pm 31st August, Voip Unlimited’s network was the victim of an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand.”
As a result of the attack, some of Voip Unlimited’s network experienced “intermittent or total loss of internet connectivity services”, although customers using its Voip Unlimited Ethernet and Broadband services are understood to have remained largely unaffected.
In the news
https://www.theregister.com/2021/09/02/uk_voip_telcos_revil_ransom/
What does DDoS attack mean?
Distributed network attacks are often referred to as Distributed Denial of Service (DDoS) attacks. … The DDoS attack will send multiple requests to the attacked web resource – with the aim of exceeding the website’s capacity to handle multiple requests… and prevent the website from functioning correctly.
Sounds hard? No, not really!
Unfortunately, not any more. All the hard work has already been done by criminals. Criminals can just pay and consume.
How does it work?
DDoS attacks are carried out with thousands of compromised and dedicated machines connected to the internet.
These machines consist of computers and other devices (such as IoT devices) which have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet.
Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot.
When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic.
Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.
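Why a per-source rate limit does not separate this traffic, as an added example that is not part of the original article. The traffic is constructed sample data, and the addresses, PER_SOURCE_LIMIT and SERVER_CAPACITY are assumed values chosen for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 20   # assumed per-source cap, requests per window
SERVER_CAPACITY = 1000  # assumed total requests the service handles per window

def build_window(n_users, n_sources, per_source):
    """Constructed sample traffic for one time window: a list of source IPs,
    one entry per request. The private addresses are placeholders."""
    reqs = []
    for u in range(n_users):      # normal users send 1 to 5 requests each
        reqs += [f"10.1.{u // 250}.{u % 250 + 1}"] * (u % 5 + 1)
    for b in range(n_sources):    # flooding sources send per_source requests each
        reqs += [f"10.2.{b // 250}.{b % 250 + 1}"] * per_source
    return reqs

def apply_per_source_limit(requests):
    """Block every source above PER_SOURCE_LIMIT and report what load is left."""
    counts = Counter(requests)
    blocked = {ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT}
    remaining = sum(n for ip, n in counts.items() if ip not in blocked)
    return {
        "offered": len(requests),
        "blocked_sources": len(blocked),
        "busiest_source": max(counts.values()),
        "remaining": remaining,
        "overloaded": remaining > SERVER_CAPACITY,
    }

if __name__ == "__main__":
    scenarios = {
        "normal day": build_window(200, 0, 0),
        "one noisy source": build_window(200, 1, 20000),
        "botnet, 5000 bots x 4 requests": build_window(200, 5000, 4),
    }
    for name, reqs in scenarios.items():
        print(name, apply_per_source_limit(reqs))
```

The single noisy source is blocked and the load returns to normal, while the botnet delivers the same volume with every bot quieter than the busiest real user, so nothing is blocked and the service stays overloaded.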
The non technical explanation of a DDoS attack
Imagine you are a bouncer at the door of a night club (firewall). You are allowing only VIP guests into your event (good traffic). While you are checking invitations, an angry mob of 10,000 non-VIP guests arrives at the door, smashes at it and demands access. The bouncer closes the door to try to safeguard the club. The crowd does not go away. Behind the mob of 10,000 are waves and waves of more angry guests; they just keep coming.
This is why DDoS attacks are so difficult to mitigate. Even if the club installs water cannons to disperse the crowds, more keep coming, preventing the VIP guests from getting close to the doors to be let in. So, as the VIP (friendly traffic) can’t get to the door, it gives up and goes home. This is also what happens to the digital traffic: it gives up and goes home.