In IT circles today, distributed denial-of-service — or DDoS — attacks are a well known threat, as it’s relatively simple to flood a server or system with thousands of requests from compromised computers. More hackers are starting to go old school, however, shutting down businesses and infrastructure by using phones.
Telephony denial-of-service (TDoS) attacks are growing in popularity. Emergency response call centers have been targeted, and even a celebrity prank can overwhelm a local law enforcement office. Mark Collier, the CTO for SecureLogix, knows how dangerous TDoS attacks can be.
“At a high level, a TDoS attack is a flood of malicious calls usually aimed at a contact center, a business, enterprise or government site where the phone system is critical — like 911 or a financial contact or maybe an intensive care unit at a hospital,” Collier told GCN. “Anywhere the phone service is important.”
Collier said TDoS attacks also can be used as a diversion to hide a much larger attack, which was the case during an attack on Ukraine’s power grid late last year.
“It may be part of an extortion scheme, it might be just to disrupt things for a company people don’t like or it may be a diversion for a different attack,” Collier said. “Usually the attackers are using automation to make the calls. They’re basically placing lots and lots of robocalls or they might have an open source piece of software with some call generation capabilities and they’ll use voice-over IP access in the voice network to get the calls in the network.”
At a presentation on TDoS attacks last month hosted by the Department of Homeland Security’s Science and Technology Directorate, Collier said that TDoS attacks are cheaper and easier to mount than attacks over the Internet. And WTOP recently reported that DHS believes TDoS attacks are on the rise, with critical government phone systems across the country a possible target.
SecureLogix has two systems designed to stop TDoS attacks. Its legacy product, known as the Enterprise Telephony Management system, has been around for more than 10 years and is designed to support traditional telephone networks. The newer product, PolicyGuru, is designed for VoIP networks and is being used in a partnership with DHS.
“We have a product and service that we deploy at the enterprise or government network,” Collier said. “So we can put it into a DHS or DOD network or enterprise contact center … and it’s going to look at all the call traffic and the signaling or the metadata, call number destination and some other information. In the case of TDoS, the system will differentiate the good calls from the bad calls and then do its best to terminate, re-route or otherwise treat other calls that make up the attacks.”
In simpler terms, the product acts as a firewall that sits at the edge of an enterprise or government voice network, between the private branch exchange or call manager and the service provider. Additionally, PolicyGuru can allow specific phone numbers to get through a network while blocking others.
Collier said PolicyGuru has been deployed at several banks and insurance companies, but SecureLogix is continuing its work with DHS and teaming up with 911 centers and other emergency responders in order to apply its research and updates in real-world settings.
Collier’s ultimate goal is for SecureLogix’s products to get to a point where they can tell immediately if a call is fake, part of an attack or an automated message.
“One of the things we’re doing with DHS is how do you detect when a call is fake — that is a tough problem but that’s really kind of the underlying challenge,” Collier said. “Anyone can block a robocall when you have the number, you can just build a blacklist … but when they’re changing the numbers all the time or hiding the number, that’s tough to detect. So the stuff we’re doing on the surface with DHS is about TDoS, but we’re really trying to make a dent in this issue and find out how we can detect that.”