Telephonic denial-of-service attacks, the new cybercriminal trend

A recent report by the Federal Bureau of Investigation (FBI) warns public and private organizations about the risks of an attack variant known as telephonic denial of service (TDoS), a trend that has been showing steady growth for a couple of months.

This is an automated attack launched with the only intention of collapsing a particular telephone system, blocking any incoming or outgoing calls, a condition that could be especially dangerous in case emergency telephone systems such as 911 are attacked.

“The goal of attackers is to keep some distracting calls active, taking as long as possible to overwhelm the target phone system and minimizing their ability to respond to legitimate calls,” the federal agency says. FBI experts believe these attacks could even lead to the loss of human life, so the risk must be taken seriously.

In the past some cyberactivism groups have pushed such attacks to promote their political stances, although cases have also been detected using TDoS attacks to extort affected organizations, including disruption of critical emergency services: “We have detected a significant increase in coercive tactics employed by threat actors using TDoS attack variants, assets since at least 2013,” the agency says.

On the other hand, a second alert sent by the FBI on a confidential basis mentions that government offices could be a greater target of these attacks due to the limited update implemented in their communications infrastructure.

Agents also point to the presence of hacking groups that provide services and tools for the deployment of TDoS attacks; such factor has undoubtedly contributed to the growth of this trend eliminates the need for expertise. As if that wasn’t enough, these attacks are very difficult to detect, as threat actors often falsify the number that will appear on the caller ID, making it virtually impossible to detect.

To prevent the devastating consequences of an attack like this, the FBI issued a number of recommendations:

  • Notify local authorities for the implementation of an emergency plan
  • Use other emergency numbers in the event of a collapse in 911 services
  • Sign up for automatic notifications from local government, either by email or text message 

To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.