Act Now to Stop DDoS Attacks on Voice Networks
Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot.
February 12, 2019
From Dark Reading
Mykola Konrad
By Mykola Konrad, VP of Product Management, Ribbon Communications
An estimated 240 million calls are made to 911 in the U.S. each year. With the population estimated at more than 328 million people, this means each U.S. resident makes, on average, more than one 911 call per year.
So, what happens when the system goes down?
Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore’s computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.
In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.
Unfortunately, these kinds of distributed denial-of-service (DDoS) attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America’s emergency response networks, but also for voice networks across a variety of organizations and industries.
The Evolving DDoS Landscape
In today’s business world, every industry sector now relies on Internet connectivity and around-the-clock access to online services to successfully conduct sales, stay productive and communicate with customers. With each DDoS incident costing an average $981,000, no organization can afford to have its systems offline.
This is a far cry from the early days of DDoS, when a 13-year-old student discovered he could force all 31 users of the University of Illinois Urbana-Champaign’s CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.
Today, DDoS techniques have evolved to use internet-of-things devices, botnets, self-learning algorithms and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization’s entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.
As these attacks become bigger, more sophisticated and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven’t received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and health care are particularly susceptible — in 2012, a string of DDoS attacks severely disrupted the online and mobile banking services of several major U.S. banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively …
… grind to a halt if a DDoS attack successfully took down their voice network.
As more voice travels over IP networks and as more voice-activated technologies are adopted, the more DDoS poses a significant threat to critical infrastructure, businesses and entire industries. According to a recent IDC survey, more than one-half of IT security decision-makers say their organization has been the victim of a DDoS attack as many as 10 times in the past year.
Say Goodbye to DDoS Attacks
For the best protection from DDoS attacks, organizations should consider implementing a comprehensive security strategy that includes multiple layers and technologies. Like any security strategy, there is no panacea, but by combining the following solutions with other security best practices, organizations will be able to better mitigate the damages of DDoS attacks:
Traditional firewalls: While traditional firewalls likely won’t protect against a large-scale DDoS attack, they are foundational in helping organizations protect data across enterprise networks and for protection against moderate DDoS attacks.
Session border controllers (SBCs): What traditional firewalls do for data, SBCs do for voice and video data, which is increasingly shared over IP networks and provided by online services. SBCs can also act as session managers, providing policy enforcement, load balancing and network/traffic analysis.
Web application firewalls: As we’ve seen with many DDoS attacks, the target is often a particular website or online service. And for many companies these days, website up-time is mission-critical. Web-application firewalls extend the power of traditional firewalls to corporate websites.
Further, when these technologies are paired with big-data analytics and machine learning, organizations can better predict normative endpoint and network behavior; in turn, they can more easily identify suspicious and anomalous actions, like the repetitive calling patterns representative of telephony DoS attacks or toll fraud.
DDoS attacks will continue to be a threat for organizations to contend with. Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot in even the most stalwart of defenses. If organizations don’t take the steps necessary to make voice systems more secure, critical infrastructure, contact centers, health care providers, financial services and educational institutions will certainly fall victim. After all, it only takes one overlooked vulnerability to let attackers in.
As vice president of product management, Mykola Konrad leads Ribbon Communications‘ global SBC, analytics and security product portfolio. Mykola has 25 years of technology development and product management experience, most recently serving as vice president of marketing at Sonus.
Read more about:
AgentsYou May Also Like