Summary Bullets:

• Recent hacktivist attacks have been aimed at the corporate phone lines, criminal hackers will launch combined DDoS/TDoS attacks
• The good news is that MSSPs are bringing on TDoS mitigation solutions

On April 12, 2012 a hacktivist group with the ominous name ‘TeaMp0isoN’ targeted the UK counter-terror agency, MI6, claiming to be motivated by the recent decision at the European Court of Human Rights allowing suspected terrorists to be extradited to the United States. However, the attack was not the usual DDoS barrage against the MI6 Web presence. Instead, the group created a wall of phone calls for a period of 24 hours, which meant nobody else could get through. They used a script based on the Asterisk software with a SIP protocol to make calls to the agency’s offices non-stop, basically launching a telephone-based denial-of-service (TDoS) attack.

The attack was well timed – from a BT Assure perspective, as the UK incumbent carrier’s security arm rolled out its new TDoS defense service at the InforSec2012 conference in London last week using a software solution from US-based SecureLogix. Easily-accessible, low-cost VoIP tools allow attackers to launch high-volume, computer-generated IP calls at company telephone lines, PBXes, routers etc. with immediate operational implications for the enterprise. They may also serve secondary functions such as making it difficult for companies to alert authorities to an ongoing attack on company data sites. Although these calls are often originating as auto-generated IP calls, they can still touch any enterprise voice network, whether traditional TDM or newer SIP-based VoIP/UC.

So, similar to the understanding that companies have gained about the importance of threat mitigation to dodging DDoS attacks, they should not be blind to the susceptibility of attacks on the old fixed telephone lines, and the important role they play in everyday communication. BT’s point is that such defenses are available and can be deployed as part of the carrier’s managed security services. The SecureLogix ETM System provides tools to detect and mitigate TDoS attacks, and the ETM System voice network firewall and intrusion prevention system (IPS) applications enable real-time detection and mitigation of attacks. So without overstating the obvious, protecting the telephone lines should be part of any compliance process, and with the BT Assure solution, this becomes an OpEx rather than a CapEx item. But the first question to ask is: have you done any kind of risk assessment relating to the performance of your corporate voice networks? Are there back-up procedures in place to handle a simultaneous attack on corporate data and voice resources?