A Canadian VoIP provider called VoIP.ms is being held hostage by what it calls a “massive” and sustained DDoS attack that could cost the company business.
According to the boss of a Quebec firm that uses the VoIP.ms service, the telephone provider has been down since September 17. “It hasn’t hurt my business so far as we can work by email,” said the executive, who asked not to be identified. “It’s just a bore right now.”
However, he suspects that other companies – especially those reselling VoIP.ms service – “are really in trouble”.
An Ottawa man who works for a tech company and uses VoIP.ms residential service complained that “service comes and goes”.
According to the news service Bleeping Computer, a malicious actor asks a bitcoin, or about $ 45,000, to stop DDoS attacks.
ITWorldCanada.com has so far been unable to communicate with Montreal-based VoIP.ms, whose main website is now protected by Cloudflare and remains operational.
In a tweet, VoIP.ms said the attack began on September 16.
Its site carries the message: “The Distributed Denial of Service (DDoS) attack continues to target our websites and POP servers. Our team is making continuous efforts to stop this, but the service is affected intermittently… We apologize for any inconvenience.
The last tweet posted by the company, at around 10:30 a.m. Eastern Time, said, “We want to assure you that all of our energy and resources are devoted to combating this DDoS ransom attack.”
The affected Quebec customer manager said VoIP.ms has 23 servers across Canada and 42 servers in the United States for its telephony customers. To restore telephone service, customers were advised to point their servers outside of their local area. However, for this business that did not help. “In Montreal, they have nine different servers. I have gone to all of them and none of them are working now. Yesterday I was able to find one. Now they are not.
According to a VoIP.ms press release issued earlier this year, the provider was founded in 2007 and has “80,000 satisfied customers,” including cPanel, the Houston-based developer of cPanel web hosting control panel software; Utah-based ICON Health & Fitness; Toys “R” Us and others.
When asked to comment via email, a spokesperson for cPanel’s parent company, WebPros, said the company was “refusing to participate.”
VoIP.ms states that it provides a wide range of standard telephony features, as well as enhanced communication features for business and home communications. This includes things like local and direct numbers in over 60 countries. It also offers free porting across the United States and Canada for local and free direct dialing to more than 125 countries.
DDoS attacks harness the power of large numbers of infected devices connected to the Internet. Chained together to form a botnet, they issue requests to an IP address to overwhelm the web server and deny service. According to Cloudflare, a DDoS mitigation service, DDoS attacks can target an application layer, network devices such as firewalls and load balancers or DNS servers.
While holding an organization for ransom is one DDoS tactic, another uses the weapon as a diversion for malware or ransomware infiltration.
In March, Mitigation Service Akamai said DDoS attacks this year were getting “bolder and worse” than in 2020, which was a banner year in itself. Last year, Akamai said it had mitigated some of the biggest attacks ever (1.44 Tbps and 809 Mpps); seen more attacks on clients in more diverse industries than ever before; and observed the world’s largest DDoS extortion campaign, targeting a European online gambling site.
“Recently, we have seen several campaigns that targeted a range of IP addresses at two specific customers over an extended number of days,” the Akamai report states. “The attackers were relentlessly looking for weaknesses in the defenses to exploit, while trying different combinations of attack vectors. During one attack, threat actors targeted nearly a dozen IP addresses and turned to multiple DDoS attack vectors trying to increase the likelihood of disrupting back-end environments.
According to a report released in June by Nokia, after implementing COVID lockdown measures in 2020, its researchers saw a 40-50% increase in DDoS traffic. “The continued increase in the intensity, frequency and sophistication of DDoS attacks has resulted in a 100% increase in ‘high watermark levels’ of daily DDoS spikes,” the report says, “by 1.5 Tbps (January 2020) at more than 3 Tbps (May 2021). “
According to the Cloud Security Alliance, to thwart DDoS attacks, IT departments can do the following:
-increase the bandwidth. Have sufficient bandwidth to handle traffic peaks that may be caused by cyber attacks;
-Consider switching workloads to hybrid or cloud-based services. The provider can offer unlimited bandwidth.
-use a content delivery network (CDN) to balance website traffic so that your capped server doesn’t get overwhelmed;
-if your web hosting provider offers it, implement DDoS protection at the server level;
-configure your firewall or router to drop incoming ICMP packets or block DNS responses from outside your network (by blocking UDP port 53) to protect against certain DNS volumetric and ping-based attacks;
-Remember that you are never too small to suffer from DDoS attacks.