Digital Extortionists DDoS VoIP Providers

A trade body has warned of a major DDoS attack campaign designed to extort money from global Voice over IP (VoIP) providers.

Comms Council UK, which represents over 100 VoIP providers, said “several” of its members and international providers had been hit over the past four weeks as part of a coordinated extortion campaign by professional cyber-criminals.

“As our members supply telecoms services to critical infrastructure organizations including the police, NHS and other public services, attacks on our members are attacks on the foundations of UK infrastructure,” it claimed in a brief statement yesterday.

There were no further technical details about the nature of the DDoS attacks, although a spokesperson told the BBC that the attacks were on an “unprecedented” scale and that the entire global industry was under threat.

“We are liaising closely with the UK government, National Cyber Security Centre (NCSC), Ofcom and international agencies to share information and details about the nature of the attacks in the expectation of halting this criminal activity as quickly as possible,” the statement continued.

“We are confident that, with a joined-up government-led initiative, this damaging criminal activity can be halted.”

ESET cybersecurity specialist, Jake Moore, explained that DDoS could be used in the same way as ransomware, even if the latter appears to have become more popular of late.

“The malicious actors behind this appear to be using their attacks against these firms as an example to threaten other VoIP providers with similar attacks unless they agree to paying a huge ransom. However, paying ransoms provides no guarantee it will stop, and this could even increase the demands,” he continued.

“As more IoT devices come online with weak or no protection, more devices will be exploited and used in huge networks targeting their chosen victims.”

What’s Hot on Infosecurity Magazine?