Cyber-Attack On UK Voice-Over-Internet Protocol (VoIP) Service Providers

Multiple UK-based voice-over-internet protocol (VoIP) service providers have reported being struck by cyber-attack. According to Comms Council UK – an industry body for VoIP service providers, an ample amount of its members have received unprecedented and coordinated attacks of distributed denial of service (DDoS) in the last few weeks. A spokesman of the UK council reveals that “An overall threat has been made to the entire industry.” Ofcom, UK’s communications regulatory agency, with the responsibility of regulating the TV, radio, and video on demand sectors, fixed-line telecoms, mobiles, postal services reveals it is aware of the situation. “We’re aware that some networks have been experiencing problems recently and we are in contact with them to establish the scale and cause of the problem.”

The DDoS attack is a malicious type of attempt to disrupt or overwhelm normal traffic of a targeted server, website, online service or network in an attempt to throw it offline or render it inaccessible. The practice in the past was to take websites offline and in other to make political statements. But the latest series of attacks have been directed at VoIP service providers in an attempt to extort these companies. These VoIP service providers are companies that offer internet-based calls to a wide range of customers in private and public sectors including the police and NHS.

In a statement by Comms Council UK, DDoS attacks on these British VoIP firms have continued to occur for the past four weeks and “appear to be part of a coordinated extortion-focused international campaign by professional cyber-criminals”. The UK council revealed that it is liaising at all levels with the UK government, Ofcom, and the National Cyber Security Centre (NCSC) to arrest the situation.

Comms Council UK’s spokesman described to the BBC that the scale of the attack was “unprecedented.” However, he was unable to identify the number of firms affected by the ridiculous attack. The spokesman said, “We have never seen anything like it since we were established back in 2004.” He added that “Ransom threats have been made to numerous providers and an overall threat has been made to the entire industry. The attackers have started down that path, with attacks underway.”

According to BBC, for the hardcore hacking fraternity, DDoS attacks are often sniffed at. These blunt instruments are barely regarded as hacking. But that doesn’t mean they don’t work, and this latest development proves that. By exploiting weaknesses in VoIP, this wave of attacks is actually a clever twist on a traditional DDoS approach. Although not yet causing widespread issues, the attacks have the potential to hit us where it really hurts – by making our Zoom and Teams meetings even more painful with drop-outs and lag.

Cyber-security expert Alan Woodward from the University of Surrey said that technology to protect businesses and websites against DDoS attacks has improved dramatically. “DDoS is a bit of a surprise as an attack method,” he added. “Ransomware is more usual for criminals extorting money at present.”

The NCSC claims it’s aware of the spate of the DDoS attacks and is in close communications with its partners to provide support for affected companies.