This original-content post is certified plagiarism-free* by the Proof of Blind team (see below for what that means).
DDOS, VOIP and YOU.
Image by B_A from Pixabay
First things first lets get some technical jargon out of the way.
DDOS: Distributed Denial of Service
VOIP: Voice over IP
BYOD: Bring your own device
Gbps: Gigabits per second
YOU: That's you silly, the end user
So what does this all mean? Attacks on voip infrastructure is nothing uncommon. Mitigating such attacks are costly if the infrastructure is not in place. Many of the providers being hit are smaller outfits without the full protection required. Attacks change quickly and require a plan that not only mitigates the attack but also doesn't kill your wallet.
The smaller providers of any quality will co-locate equipment around the world attempting to provide a low latency connection to their clients. This usually means renting out the equipment of others or perhaps using their own gear. Most end users do not completely know. Providing such information can also be another vector of attack for threat actors wishing to do harm. You can generally tell based on the size of the business but this is not always foolproof.
What does the ddos do? Denial of service is the end plan here. Disrupt the network.
Why would someone do this? There are many different explanations that vary depending the individual or group conducting these attacks. These days it's for extortion or pure profit. Once in awhile it may be political, simply a grudge or even sabotage from former employees or competitors.
How is this ended? Another question with many possible outcomes. Ransom payment, the attacker simply gives up or any other random event that may occur.
I think we're generally versed in the topic of discussion. Here's what has been happening lately.
Image by Markus Spiske from Pixabay
September appears to be the month where ddos attacks started happening in Britain on smaller voip providers.
source
A familiar name pops up, REvil most well known for attacking Apple. The name is bantered around but I have serious doubts these are the same group. Hitting smaller voip companies appears to be not worth the effort. I believe the name is being used while the actual perpetrators are a totally different group. Maybe the group name along could instill some fear in those they are hitting? I wouldn't put it past them.
A ransom appears and according to the article they're asking for 1 Bitcoin and that rate is increasing. They're being hit with upwards of 500 Gbps of traffic during their attack. This is nothing to sneeze at and will crumble most networks not built to handle this type of traffic.
The attack is eventually stopped but I'm not sure how it was stopped. Did they pay or did the attackers move on? This is not clear.
We now skip forward to September 16, 2021 and a well known North American provider of byod voip service starts getting hit with a ddos. Unlucky for me as I have a line with them and I start noticing dropped calls and no service issues.
The group going under the same name REvil takes to Twitter and the extortion begins with all to see. Send us some cryptocurrency to the provided pastebin link address, a popular text only anonymous sharing site. I see the account has since been suspended from Twitter upon checking.
source Twitter account has since been suspended.
They're nice enough to prove that they're the ones conducting the attack by shutting off the attack momentarily.
source Twitter account has since been suspended.
A little bit of baiting is not uncommon. They are in control now.
source Twitter account has since been suspended.
REvil even starts providing technical support to bewildered customers while blaming the company for refusal to pay.
source Twitter account has since been suspended.
The gauntlet is thrown down. The initial extortion number was 1 Bitcoin and now it's 100 Bitcoin.
source Twitter account has since been suspended.
This is how things go when you don't play ball. 1 Bitcoin was around 46,000 USD at the time and now they want 4.6 million. These companies can't afford to pay these ransoms as the profit margins in the voip game are generally razor thin.
The attack is still ongoing and we are in early October, 2021. When will it end? The company is refusing to pay and mitigating the attack through Couldflare and other providers. They are still not back to normal but it is much better than it used to be.
Let's not forget many of the smaller voip providers are leasing bandwidth too from larger providers. The provider of your provider are huge entities and even they are being hit. This is some scary stuff.
Image by Alicia Zinn from Pixabay
Law enforcement comes to mind very quickly if you're even able to trace it back to a group or individual. Disrupting telecoms is an area that's very unwise to tread. This is an essential service and especially messing with emergency services is dangerous game to play. Human lives can literally hang in the balance during these events. Many agencies across the world will have their eyes on you immediately and if they're ever caught the consequences will be dire for them.
What should the customer or reseller do at this point in time? The resellers have lost most of their clients or have a few left who will stick it out. As a business running multiple lines this is unacceptable. You're losing business every minute you're down.
Do you port out all your numbers from your current voip provider and move to someone else? Who's to say they will not be hit next? The porting process is not instantaneous and if you need to port hundreds or thousands of numbers this can be a huge undertaking. If you're running that many lines then why are you not on a proper business rated provider that can mitigate these issues?
There are so many questions here. As a business why do you not have a backup plan? If your business relies heavily on the use of a phone you need to pay and a traditional land line cannot be beat. The prices are atrocious compared to the savings of voip but your uptime is generally amazing depending on the region of the world you inhabit.
Image by Pexels from Pixabay
The real question that made me want to start writing this is the digital ransom.
Anyone can come along and shakedown your business in the digital age if they really want to. Do you pay the ransom and continue? Do you refuse and potentially be wiped out?
Paying the initial 1 Bitcoin at 46K is cheaper than the amount of money that will be spent to even start a mitigation strategy. You pay and everything is all well for a month or two. They return and the process starts again. This is a slippery slope if I've ever seen one.
You refuse and don't pay. The situation they and I am now in. The threat actor is now angry and unleashes the full deluge of the army on your servers. Time to call in the experts as most of the smaller firms can't handle these attacks effectively. You're paying out huge sums to hopefully remain online and not lose all your customers. Voip is an essential service after all especially in a business setting. Will you be bled dry or will you survive?
I for one am happy this company did not pay. I'm paying myself with intermittent issues but can always fall back to other lines I have with different providers. You always need a backup plan for all things and you'd be surprised how often you actually need them. There's nothing worse than needing something in the moment without it being available.
Many of the servers are now sitting behind layers of further protection. The company is building a more robust network but the initial holes were gaping. I hope in the end whenever this ends the network will be able to withstand such attacks with ease. I too wonder if they'll spin down protection once the main attack is over for cost cutting savings and only implement it in those dire emergencies. The life of a smaller voip provider can be very troublesome and that extends to you, the customer.
STATEMENT OF ORIGINALITY:
This submission represents original content, created by me, that has never been published before, on Hive or elsewhere.
Thank you for running this.
About this post
This post was submitted by an up-and-coming original-content creator to the Proof of Blind project, has been reviewed for plagiarism, and is certified plagiarism-free*.
How can I submit original content to the Proof of Blind project?
First and foremost, go to the latest "Request for Submissions" post and follow the instructions.
Second, follow @blind.submit so you will receive all future "Request for Submissions" posts.
Third, follow @blind.stats so you can follow the leaderboard and see how your content compares to all the other content being submitted via the Proof of Blind project (and see whether you have been granted permission to post to the project more than once a week).
How can I curate for the Proof of Blind project?
Simply follow @proofofblind and vote for the best content you find there.
Also, if you are interested in photography-only and art-only posts, follow @proofofblind.pix and @proofofblind.art.
*What does certified plagiarism-free mean?
As a result of our plagiarism review, we are confident that this post represents original unpublished creative work.
We are backing that confidence with a 150% curation-reward guarantee.
If you vote for this post and it is found to have been plagiarized (prior to the close of the voting period), we will coordinate efforts to zero out all presumed author rewards. However, that also zeros out all curator rewards. To protect our curators, we will fully reimburse any would-be curation rewards that were zeroed as a result of the plagiarism enforcement, and we will add 50% to it.
This guarantee applies to any curation rewards that would have been worth at least $1 at the time the payout would have occurred. For example, if your upvote was worth $2 in HIVE and $2 in POB, but was zeroed out due to plagiarism-enforcement, then we would reimburse you $1.50 worth of HIVE and $1.50 worth of POB.
What is Proof of Blind and how does it work?
Here is a quick overview:
Content creators submit their original content (following the procedure detailed at the end of the "Request for Submissions" post).
Submitted content is checked for plagiarism.
Plagiarism-free content is posted via the @proofofblind account* (typically within 24 hours after submission), with
- the original author as 85% beneficiary,
- the person who coordinated the plagiarism review and finalized the @proofofblind post as 10% beneficiary,
- @proofofblind retaining 5%.
Thanks for you interest in the Proof of Blind project!