CHANNEL PROS have learned the hard way that VoIP resellers and the infrastructure providers they rely on are vulnerable to distributed denial-of-service assaults.
In September 2021, Bandwidth.com, a major provider of VoIP services to vendors (including Microsoft, Google, Zoom, Vonage, and RingCentral), resellers, and end users, became the victim of a DDoS attack that led to outages and other disruptions in its delivery of voice and messaging services throughout North America.
The Bandwidth attack came on the heels of DDoS attacks on two U.K.-based providers, VoIP Unlimited and Voipfone, and on Quebec-based internet phone service provider VoIP.ms.
Channel pros need to prepare now for inevitable future strikes. That’s because the recent shift by organizations to decentralized workplaces, which are quite often linked via VoIP communications infrastructure, coupled with an increase in DDoS assaults in general, signals that the number of Bandwidth-style strikes against VoIP providers is likely to increase in the coming year.
“The general trend since the start of the pandemic has been an increase in the frequency of DDoS attacks, primarily motivated by extortion,” says Andrew Shoemaker, founder and CEO of NimbusDDOS, which specializes in DDoS testing and attack simulations.
Extortion attacks have historically focused on organizations’ public-facing websites. Now, Shoemaker says, “As businesses have shifted toward remote work, communication infrastructure has become the hot new target for DDoS attackers. By targeting communication infrastructure, an attacker can significantly impact an organization’s internal and external communications.”
Channel pros seeking to deal with growing threats to their customers’ VoIP systems first need to remember that bigger is better when it comes to VoIP providers. “Prevention-wise, larger VoIP providers with globally distributed, multi-homed, well-peered networks tend to withstand DDoS attacks better than smaller providers,” Shoemaker notes.
Size alone won’t ensure safety, however. “The VoIP provider should have a relationship with a DDoS scrubbing vendor that can provide upstream cleaning of traffic,” Shoemaker says, adding that vendor names to look for in this specialty include Akamai Technologies, Cloudflare, Imperva, and Neustar.
Also look for VoIP providers with service-level agreements that define availability obligations, including in DDoS attack situations, he adds, and seek documentation from an independent testing company on the overall resilience of their service against DDoS strikes.
Finally, an incident response (IR) plan specifically tailored to the customer should be in place.
Key features, according to Shoemaker, include predefined VoIP availability requirements, so IR teams have clear objectives for their efforts; defined roles and an approval chain to expedite IR; a specified backup communication method for when an attack impedes normal VoIP communications; and a formal VoIP testing plan, enabling the IR team to evaluate the efficacy of mitigation measures.