Attackers are now using DDoS services that offer attacks on telecommunication systems as part of larger attack schemes. These attacks, known as TDoS attacks, can be a relatively cheap option for cybercriminals looking into diversifying their attack vectors.
Researchers have seen a series of advertisements and forum posts promoting services that can “flood” both mobile and stationary telephone lines. Often these attacks are used as a distraction while attackers launch simultaneous attacks on their victims, according to Curt Wilson of Arbor Networks’ Security Engineering and Response Team (ASERT).
The advertisements publicize services to flood telephones for $20 a day and $5 per hour, $20 for 10 hours and $40 a day. “Prices depend on the individual and ‘complexity’ of the order,” according to one advertisement, seen below:
Wilson goes on to discuss several techniques attackers employ when penetrating Session Initiation Protocol (SIP) systems including running brute-force password guessing scripts and defeating default credentials to gain control of VoIP/PBX systems.
TDoS attacks are nothing new – the Federal Bureau of Investigation looked into the flooding of phone lines in 2010 after investigating an incident where a Florida dentist lost $400,000 from his retirement account through a diversionary TDoS attack.