The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives.
TDoS attacks could render telephone systems unavailable making it impossible to make and receive calls, a scaring scenario when the attackers target 911 or other emergency call centers.
TDoS attacks could be manual or automated. Threat actors behind manual TDoS attacks use social networks to encourage individuals to call a call center simultaneously flooding it.
An automated TDoS attack leverages specific applications that allows attackers to make tens or hundreds of calls simultaneously, caller attributes can be easily spoofed making it impossible to differentiate legitimate calls from malicious ones.
“A TDoS attack is an attempt to make a telephone system unavailable to the intended user(s) by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service. The resulting increase in time for emergency services to respond may have dire consequences, including loss of life.” reads the FBI’s public service announcement.
“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area.”
The motivations behind this type of attacks are multiple, including hacktivism, financial gain through extortion, or harassment.
The FBI also provided a list of guidelines on how to prepare for a 911 outage:
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, TDoS)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.