Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet Canada Communications Security

VoIP.ms Battles Week-Long Sustained DDoS-for-Ransom Attack (bleepingcomputer.com) 37

Slashdot reader Striek writes: VoIP.ms, a Canadian VoIP provider [also serving the US], has been under a sustained, and presumably massive DDoS attack which started on the September 16th, 2021. The attack has been disruptive enough to be covered by major media outlets, including Hacker News, ZDNet, Ars Technica, BleepingComputer, CTV News, and The Toronto Star.

They have so far refused to pay a ransom demand, which has grown from 1 bitcoin at the outset ($45,000 USD at that time), to 100 bitcoin now, or $45 million. Similar attacks have occurred recently on several UK based VOiP providers.

With DDoS attacks against VOiP infrastructure difficult to defend against — or at least more difficult than your bog-standard denial of service, this may be setting a worrying trend.

Bleeping Computer reported Monday that the attack was "severely disrupting the company's operation: As customers configured their VoIP equipment to connect to the company's domain name, the DDoS attack disrupted telephony services, preventing them from receiving or making phone calls. As DNS was no longer working, the company advised customers to modify their HOSTS file to point the domain at their IP address to bypass DNS resolution. However, this just led the threat actors to perform DDoS attacks directly at that IP address as well.

To mitigate the attacks, VoIP.ms moved their website and DNS servers to Cloudflare, and while they reported some success, the company's site and VoIP infrastructure still have issues due to the continued denial-of-service attack.

ZDNet has been following the story: In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a 'ransom DDoS attack' . VoIP.ms says it has over 80,000 customers in 125 countries.
And in addition, this afternoon the company's Twitter account announced that "Our main U.S. upstream carrier is currently experiencing major issues on their network affecting inbound and outbound calls and messaging to US numbers. We have already been in contact with their senior leadership team and they are on it along with their whole NOC."
This discussion has been archived. No new comments can be posted.

VoIP.ms Battles Week-Long Sustained DDoS-for-Ransom Attack

Comments Filter:
  • by Anonymous Coward
    $45,000 USD x 100 != $45 million USD.
  • by Ostracus ( 1354233 ) on Saturday September 25, 2021 @08:58PM (#61832473) Journal

    This is one of the few times one wishes the internet carried high voltages. Make the attackers computers blow up like a Star Trek bridge console.

  • this is supposed to be worrying but i find it very difficult to be sympathetic to a company to provides an unlimited amount of annoying scam calls to my cell phones.

    • Some of the companies in this category are unethical, but my understanding is Voip.ms actually does a pretty good job of screening customers and source number resolution. They do make it easier for scammers to cycle through telephone numbers, but I don’t think they support that on a massive scale.

      (I’m a customer for a few phone numbers I use for local area code and to manage commercial calls; my cell phone has an out-of-area code prefix which makes for a hassle in a few situations.)

    • by Sebby ( 238625 ) on Saturday September 25, 2021 @10:03PM (#61832555)

      this is supposed to be worrying but i find it very difficult to be sympathetic to a company to provides an unlimited amount of annoying scam calls to my cell phones.

      As others are quick to point out, not every VoiP provider is complicit with phone scammers.

      I've been with VoIP.ms for over 5 years, and I've been very satisfied with their service - they're feature-rich, which is an excellent option for DIY'ers like me to setup my phone system as I like, all this for a fraction of the price I used to pay Ma Bell before for far less functionality.

      I'll continue to be their customer a long time after this has passed.

    • I agree some VoIP providers make things easy for spammers... voip.ca are not one of them. I've been a customer for years ever since I ditched the overpriced mess called Ringcentral, and I'm often impressed at the efforts they've put into security and authentication that go beyond what I've seen from any other provider. Unfortunately the technology isn't perfect, and much work has to be done, as is true with most of the Internet. These guys are a cut above the rest, which is why I fear they are being tar

  • I happen to have a few Voip.MS numbers, and noticed they were offline. It’s cheap, so I don’t expect much from them, but it has been a huge help at times to have their service. While I get that it is a little harder to manage than a more traditional DDoS, it wouldn’t seem like it should be that resource intensive to whitelist customers for static IP/server use, and have a backup VPN for dynamic/direct application access. You could even charge more for the latter category maybe it would b

    • by Striek ( 1811980 )

      Whitelists sound great, until my softphone tries to register from your hotel WiFi. VoIP.ms does a lot more than basic SIP trunking.

      • Sure, but are you registering directly with your device from hotel wifi, or do you have the registration terminated by a third party and “pushed” to you securely? (I use Bria, which acts as a middleman that could easily be whitelisted.). If I was using a laptop, I would want to have a server ~somewhere~ that handles the calls when it is suspended. Using their voicemail should really just be a last-ditch fallback.

        • In my experience, Bria is not a middleman so much as a centralized configuration depot. At least at our level of service, the actual VOIP connections are to servers behind our firewall. This may vary with their other offerings. In our case, having one place to configure each client is handy.
          • You might be right; their push notification service originally sounded like a middleman, but the connection looks more local.

    • Except the whitelist would have to be managed by an upstream provider that has much more capacity and be able to absorb the excess traffic.

      I manage some services hosted by the same data center as some of voip.ms equipment and we got collateral side effect from the DDOS, so even the datacenter itself seems to be struggling with the load.

      Not only that but SIP itself is going to always be problematic. It poses some of the same challenges as FTP, but over UDP. The control channel is established between 2 hosts,

      • Specific to Voip.ms, and I imagine many similar companies, they have POPs distributed throughout their service areas, so it still shouldn’t be that hard to distribute the workload even if they have to go upstream for some of it.

    • by decep ( 137319 )

      I have directly experienced a UDP flood attack against DNS infrastructure, probably a reflection/amplification type.... it is a nasty attack.

      White lists do not help. If the traffic hits your uplink, you are screwed. The only way you can possibly deal with this type of attack is at the ISP level (before your uplink) or through a cloud provider like CloudFlare. Make sure your checkbook is prepared.

      It was an interesting experience and would have almost been fun if the Executives had not been breathing down

  • by AJWM ( 19027 ) on Saturday September 25, 2021 @09:29PM (#61832519) Homepage

    Just saying.

  • I understand that what cyber cops there are will have trouble tracing who hacked a company in the recent past to ransom their data, but surely something can be done about an on-going DDOS attack. Sure, they're going to be based internationally but even so ...

    • The first "D" in DDOS stands for "distributed". You can't "trace" an attack that is coming from 100,000 or more IP addresses.
  • by Pinky's Brain ( 1158667 ) on Sunday September 26, 2021 @10:53AM (#61833891)

    DDoS is a built in feature of the internet ... time to just relegate the old internet traffic to a low QoS and start Internet 2.0 with more sane design parameters for an adversarial environment.

    Mandatory ingress/egress filtering for every service provider and allowing IP range owners to force firewall rules upstream to the ISP of the spammer would make compromised/amplifying devices the problem of the owner of that device (who will get fucked by his ISP as punishment for loading up the firewall with rules) instead of everyone else's.

    • Why not just embed private, zero trust, identity driven connectivity into the VOIP application layer... that would mean all connection flows are outbound only and thus the VOIP/SIP infrastructure does not need a public IP address as well as removing the need for DNS. It literally stops the problem overnight while having no impact on the user (as its app embedded, its invisible to them).
  • Thank's for information

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...