Experts have found that distributed denial-of-service (DDOS) attacks launched against telecommunication systems are advertised by cybercriminals for prices as low as $20 per day. DDOS attacks are usually used by cyber criminals for revenge, extortion, for ideological or political reasons, and even as a form of hiding financial crimes.
Inspired by the “phone bomb” attack launched by TriCk of Team Poison against the phone lines of UK’s counter-terrorism hotline back in April, experts from Arbor SERT have turned their attention to attacks that target traditional telecom systems.
They’ve found that cybercriminals are advertising “professional services” to anyone who’s willing to pay between $20 per day and $30 per hour to make sure that a certain phone is flooded with phone calls.
According to the researchers, the SIP flooding attacks, such as the ones utilized by TriCk against MI6, are not uncommon these days.
“Often, SIP flooding attacks take place because attackers are running brute-force password guessing scripts that overwhelm the processing capabilities of the SIP device, but we have also seen pure flooding attacks on SIP servers,” Curt Wilson of Arbor SERT explained.
“Once the attackers obtain credentials into a VoIP or other PBX system, that system can become a pawn in their money-making scheme to perform DoS, Vishing, or other types of attacks.”
The expert reveals that the VoIP and the PBX systems are usually easy to penetrate because the access credentials are weak, being easy to guess with a brute force attack.
An organization’s entire phone systems can be easily brought down if they’re connected to the Internet and the attacker manages to gain access to the controller, researchers explain.
As other experts highlighted on past occasions, the fact that such DDOS services are advertised indicates that large amounts of money are circulating in underground markets around these types of services.
This means that companies should start focusing their efforts towards protecting their phone systems, just as they would be normally doing with other parts of their network.
