COMPANY    CUSTOMERS    NEWS    DOWNLOADS    CONTACT

SecureLogix Logo
  SOLUTIONS    PRODUCTS    SERVICES    SUPPORT    PARTNERS
   
SOLUTIONS
Talk To Sales 
Schedule Online Demo
Get Product Quote
Newsletter Sign Up
Comments / Questions?

SOLUTIONS
  Unified Policy Enforcement
Telephony Denial of Service
Voice Fraud
  Modem & Network Security
  Service Abuse & Financial Losses
  Harassing, Threatening or Restricted Calls
  Compliance & Data Leakage
Legal Risk & Investigations
  Reporting & Analytics
Optimization & Planning
Uptime, Performance & Troubleshooting
Business Operations & Productivity

Telephony Denial of Service (TDoS)

>> Download our SecureLogix TDoS White Paper.

>> Additional TDoS Resources available on our SecureLogix TDOS Landing Page

Easily-accessible, low-cost VoIP tools and information needed to launch huge volumes of simultaneous, computer-generated IP calls have many serious security and operational implications for the enterprise. Parties engaged in flooding a bank of enterprise phone lines with volumes of simultaneous calls might be engaged in any number of attacks to disrupt operations or steal information and/or money. And although these calls are often originating as auto-generated IP calls, they can touch any enterprise voice network, whether traditional TDM or newer SIP-based VoIP/UC.

Some TDoS types of activities are annoying and disruptive to business, such as large quantities of voice spam experienced during normal business hours. Another more threatening example includes brute force telephony denial of service (TDoS) attacks aimed at crippling the organization´s voice services, IVR systems, or other resources in order to terrorize or disrupt normal business operations and revenues. But perhaps the most insidious and sophisticated forms of TDoS attacks are those that are coordinated with other types of fraudulent activities in order to steal money and information.

Some of these more sophisticated TDoS attacks are relatively new - the FBI was first notified about this type of attack back in November of 2009. However, it is even more alarming that these voice-related, often voice over IP (VoIP), attacks against U.S. businesses and their customers are rapidly increasing in severity, sophistication, and frequency. The FBI issued another urgent TDOS warning on May 11, 2010 noting a surge in TDOS-related schemes to help steal money from U.S. bank accounts. During these integrated attacks, the TDOS component is used as a critical diversion to help perpetrators complete their fraudulent transactions.

One specific example attack occurs when a fraudster succeeds in disrupting or denying access to a company´s phone system. The most common TDoS attack is carried out in two parallel moves. Cyber thieves obtain account information and then contact institutions, changing information such as phone numbers, email addresses or even bank account numbers so that they can later access these accounts to transfer money or empty them. At the same time, they flood the business´ phone lines with spam calls in order to block verification calls coming in from the banks and other institutions. Since these calls cannot get through, and since victims don´t realize that something suspicious is going on - they think they are experiencing a glitch with their carriers - the attack goes undetected and is subsequently successful. As a result, bank, online trading and money management accounts are pillaged.

Another, more sophisticated attack is being initiated from within competitive local exchange carriers. Criminals target businesses with call centers and/or extensive IVR systems. They flood the systems with the intention of keeping the lines live as long as they can (they stay within IVR cues or if answered, play white noise, garbled, incomprehensible language or other sounds that make a listener pause before hanging up). During this diversion, criminals launch social engineering calls/schemes against contact center agents in an attempt to steal corporate or customer account information and identities which they later use to steal money from these same accounts. The longer the call is live, the more money the carrier receives for assisting in the transmission of the call.

TDoS attacks on businesses are profitable for criminals and are difficult for the enterprise to detect. Only upon recognition of financial loss, when employees report recurring calls with no caller on the line, or a location loses service completely, do companies take action and consider an attack a possibility.

The SecureLogix® ETM System provides an arsenal of tools to detect and mitigate TDoS attacks. The ETM System voice network firewall and Intrusion Prevention System (IPS) applications enable real-time detection and mitigation of attacks. The call recording application enables audio recording for new attack analysis. The usage management application enables generation of all manner of reports to analyze and document attacks.

 

 


© Copyright 1999-2016 SecureLogix Corporation. All Rights Reserved.
    Untitled Document

Trademarks / Patents
Legal
Privacy Statement

ABOUT US
Corporate Background
Management Team
Contact SecureLogix
Career Opportunities

SOLUTIONS
Unified Policy Enforcement
Telephony Denial of Service
Voice Fraud
Modem & Network Security
Service Abuse & Financial Losses
Harassing, Threatening or
Restricted Calls

Compliance & Data Leakage
Legal Risk & Investigations
Reporting & Analytics
Optimization & Planning
Uptime, Performance & Troubleshooting
Business Operations & Productivity

 

PRODUCTS
ETM® System Overview
Voice Firewall
Usage Manager
Performance Manager
Voice IPS
Call Recorder
Platform Appliances

SERVICES
About SecureLogix Services
Support Services
Professional Services
Managed Services
Training

SUPPORT
About Customer Support
Knowledgebase
Support Request
Software Updates
Documentation

 

PARTNERS
Partners Portal Registration
Partners Portal Login

CUSTOMERS
Customer Success stories
Security & ROI Case Studies
Customer Quotes

NEWS
In the News
Press Releases
Analyst Quotes
Awards
Press Room