DDoS Attacks on Business Voice Infrastructure are Rising

More phone calls than ever are being transmitted over the Internet via VoIP and SIP technologies, and hackers are finding increasingly sophisticated ways to carry out attacks on business phone infrastructure. DDoS attacks on voice networks are one category of cybercrime that is becoming more common. Threat actors know that security personnel are more concerned with tackling direct attacks on network systems, and, as a result, voice infrastructure is left exposed and vulnerable.

A Distributed Denial of Service attack (DDoS) is an attempt by an outside actor to disrupt the normal traffic of a targeted server by overwhelming the target or its surrounding infrastructure by a flood of internet traffic. This is done by using compromised devices (often referred to as a botnet) as a source of traffic. Once overwhelmed by this malicious traffic, the service becomes slow, unresponsive and can crash, resulting in a ‘denial-of-service’ to normal traffic.

To understand how this relates to voice traffic, it’s important to understand how VoIP works. Voice (and/or video) is transmitted over the Internet in IP packets. It’s this ‘packet-switching’ which results in the efficient use of network resources. VoIP servers process packets as fast as possible to provide a quality service, however, if the rate of packets exceed the server’s capacity, the result is latency and call disruption. Attackers can cause this to happen by bombarding the server with call initiation requests. Another way of doing this is by causing a SIP reflection attack by spoofing the target’s address and sending traffic to thousands of SIP servers which then send unsolicited replies to the target, again resulting in a denial-of-service event.

DDoS attacks on voice systems have been steadily rising since 2021 as threat actors discover how effective these attacks can be. The damage can be severe, particularly for data centres, hosting companies and other services providers. Because DDoS attacks threaten service availability, they can cause significant financial and reputational damage. Furthermore, attacks are sometimes used to distract security personnel from other criminal activity such as data theft or a network breach.

As threat actors refine their techniques and enhance their capabilities, DDoS attacks are becoming more frequent and more complex. As well as SIP reflection attacks, cybercriminals are making use of DDoS-for-hire services to initiate multiple attacks. In late 2023, a new DDoS attack method appeared – the HTTP/2 Rapid Reset Layer. It was able to bypass traditional methods of DDoS protection, such as rate limiting or basic blocklists – a reminder that security measures must continue to advance as cybercriminals innovate their own techniques.

Despite the growing threat levels, according to a Metrigy report, while 90% of IT leaders believe voice security is important, only 49% have implemented a voice security solution. However, there are basic techniques businesses can use to protect their voice services, such as:

Network monitoring and management – Monitoring traffic can help detect unusual patterns, while robust network management practices ensures that suspicious activities can be identified and addressed promptly.

DDoS migration services – There are now services available that can absorb and filter malicious traffic – useful in preventing large-scale attacks on business voice networks.

Redundant systems – Back up systems and failover mechanisms can help maintain services in the event of an attack. Solutions providers, such as DigitalWell, can advise on the best way to implement these plans.

Rate limiting and filtering – Configuring VoIP servers to limit the number of requests from a single sources can reduce risk, as well as filtering traffic to block malicious IP addresses.

Employee training – As part of cybersecurity awareness programmes, employees should be trained about the risks and be able to spot the signs of a DDoS attack.

DDoS attacks on voice networks are a growing risk for businesses with significant potential for service disruptions, financial loss and reputational damage. Organisations must understand the threats and invest in the appropriate tools to mitigate risks. There is only so much you can do in-house, but there are new security solutions emerging that can provide comprehensive protection for voice infrastructure.

One such solution is siprotect from DigitalWell. Talk to a representative to discover how siprotect can protect your business voice services.