BACKGROUND:
An “unprecedented” and co-ordinated cyber-attack struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to comms council the UK. This type of distributed denial-of-service (DDoS) works by flooding a website or online service with internet traffic in an attempt to throw it offline or otherwise make it inaccessible. Yesterday’s attack targeted VoIP providers that supply phone services to UK businesses, including emergency services.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>It’s very naive to dismiss DDoS as an unsophisticated attack vector. Like most criminal methodologies it has evolved over time into a very useful tool for cybercriminals. It’s often a vehicle for distraction whilst other data breach activity takes place but is equally useful as a Ransomware technique. Ransomware relies on the inaccessibility of data and, whilst commonly achieved by network infiltration and encryption, denying access is equally effective albeit for a shorter period of time. The VoIP service providers currently under attack have clearly taken the best approach by informing and liaising with the relevant authorities. Whilst it may take some time to resolve the issue, their customers should be patient and observant, follow any advice provided, and be confident that this approach will make the sector a much less attractive target in the future.</p>
<p>This attack doesn’t come as a huge surprise, Telco’s have been the target of cybercriminals for many years with the aim usually being to defraud the customer, and these kind of attacks have only increased during the disruption bought about by the pandemic. Hackers have benefited as many businesses frantically switched their focused from security to survival, and over the past two years we have seen attackers start to operate more like a businesses, diversifying as opportunities arise. <u></u><u></u> <u></u><u></u></p>
<p>For every barrier a business puts in the way they should expect to see a new evolution of attacks as a result, highlighted by the growth in ransomware and increase in businesses being held to ransom in unique ways. Unfortunately for businesses, it means they cannot get complacent and need to constantly understand and analyse where their security weak points are in order to address where and how they could be targeted. With companies now facing advanced and persistent threats, they need to start thinking like a hacker and learning how to reduce the chance of compromise and disruption through security and resilience.</p>
<p>There is no shortage of compromised devices out there (desktops, laptops, tablets, mobiles, etc.). These compromised devices are often pooled to form bot networks (or botnets for short). Attackers take advantage of this situation by either controlling large botnets or buying access to them. Once the attackers have a massive botnet at their disposal, they can decide to turn it against their next victim or victims in an instant.</p>
<p>This week, UK VoIP providers are the latest victims, as attackers decided to turn their armies of bots against them. Unfortunately, there is little organisations can do to stop the compromised devices themselves. Instead, businesses should focus on what they can do within the figurative walls of their virtual enterprise to protect themselves from these (and other) attacks. In other words, compromised devices and botnets are here to stay. DDoS protection and protection from other types of attacks (including bot attacks), however, has improved. Modern DDoS protection is now quite advanced. Solutions can include multi-layered defences that protect against blended network attacks and sophisticated application attacks – all while enabling full SSL decryption, anti-bot capabilities, and advanced detection methods.</p>