TDoS Attacks Take Aim at Emergency First-Responder Services

emergency services down

The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.

Telephony denial-of-service (TDoS) attacks, which affect the availability and readiness of call centers, are hitting critical first-responder facilities, according to the Federal Bureau of Investigation (FBI).

A TDoS attack is designed to prevent incoming and outgoing calls, by flooding a target with junk calls.

“The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service,” according to a recent announcement from the FBI.

Worryingly, TDoS attacks have been hitting Public Safety Answering Points (PSAPs), which are call centers responsible for connecting callers to emergency services, such as police, firefighting or ambulance services.

“PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public,” according to the FBI. “The resulting increase in time for emergency services to respond may have dire consequences, including loss of life.”

The FBI also warned that TDoS attacks could be used in conjunction with a physical attack, when calls to 911 and other emergency numbers would crest.

How TDoS Attacks Work

TDoS attacks can be manual or automated, according to the FBI. In the case of the former, adversaries typically use social networks to encourage individuals to flood a particular number with a calling campaign.

An automated TDoS attack on the other hand uses VoIP software and session initiation protocol (SIP) to make tens or hundreds of calls, simultaneously or in rapid succession.

“Numbers and call attributes can be easily spoofed, making it difficult to differentiate legitimate calls from malicious ones,” according to the alert.

Why do Attackers Carry Out TDoS?

TDoS attacks are not a new phenomenon; Arbor Network started noticing an increase in attacks targeting telephony system infrastructure as far back as July 2012. They claimed that the method is a relatively cheap option for cybercriminals looking into diversifying their attack vectors.

There are a number of reasons why attackers might turn to TDoS. For instance, hacktivists or social-cause-motivated cybercriminals might target municipal services to advance or highlight a political cause, the FBI pointed out.

Pure financial gain is another motive. TDoS attacks are sometimes part of extortion schemes aimed at private companies in which attackers impersonate a collections agency representative collecting an outstanding (and fictional) loan or other fee. If the target doesn’t pay, the attacker launches the TDoS attack that, if successful, inundates the call-center with call traffic and ultimately overwhelms it, potentially making it impossible to complete ingoing and outgoing calls.

Malicious actors may also use TDoS attacks to harass call centers and distract operators just “for fun,” with a disregard for harmful effects. These attacks may be accompanied by messaging on social media platforms in order to increase the severity, according to the FBI.

How to Prepare for an Emergency

The FBI noted that citizens can be prepared for a TDoS attack.

“The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area,” the FBI counseled.

Steps to take include:

  • Contact local emergency services authorities for information on how to request service in the event of a 911 outage.
  • Find out if text-to-911 is available in your area.
  • Have non-emergency contact numbers for fire, rescue and law enforcement readily available.
  • Sign up for automated emergency notifications from your locality.
  • Identify websites and follow social media for local emergency response.

Is your small- to medium-sized business an easy mark for attackers? 

Threatpost WEBINAR:  Save your spot for 15 Cybersecurity Gaffes SMBs Make,” a  FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.

Suggested articles