IT and Business Insights for SMB Solution Providers

Preparing for VoIP DDoS Attacks

Channel pros seeking to deal with growing threats to their customers’ VoIP systems should examine providers' networks, service-level agreements, and incident response plans. By Martin Sinderman

CHANNEL PROS have learned the hard way that VoIP resellers and the infrastructure providers they rely on are vulnerable to distributed denial-of-service assaults.

In September 2021,, a major provider of VoIP services to vendors (including Microsoft, Google, Zoom, Vonage, and RingCentral), resellers, and end users, became the victim of a DDoS attack that led to outages and other disruptions in its delivery of voice and messaging services throughout North America.  

The Bandwidth attack came on the heels of DDoS attacks on two U.K.- based providers, VoIP Unlimited and Voipfone, and on Quebec-based internet phone service provider

Channel pros need to prepare now for inevitable future strikes. That’s because the recent shift by organizations to decentralized workplaces that are quite often linked via VoIP communications infrastructure, coupled with an increase in DDoS assaults in general, signal that the number of Bandwidth-style strikes against VoIP providers are likely to increase in the coming year.

Andrew Shoemaker

“The general trend since the start of the pandemic has been an increase in the frequency of DDoS attacks, primarily motivated by extortion,” says Andrew Shoemaker, founder and CEO of NimbusDDOS, which specializes in DDoS testing and attack simulations. 

Extortion attacks have historically focused on organizations’ public-facing websites. Now, Shoemaker says, “As businesses have shifted toward remote work, communication infrastructure has become the hot new target for DDoS attackers. By targeting communication infrastructure, an attacker can significantly impact an organization's internal and external communications.” 

Channel pros seeking to deal with growing threats to their customers’ VoIP systems first need to remember that bigger is better when it comes to VoIP providers. “Prevention-wise, larger VoIP providers with globally distributed, multi-homed, well-peered networks tend to withstand DDoS attacks better than smaller providers,” Shoemaker notes. 

Size alone won’t ensure safety, however. “The VoIP provider should have a relationship with a DDoS scrubbing vendor that can provide upstream cleaning of traffic,” Shoemaker says, adding that vendor names to look for in this specialty include Akamai Technologies, Cloudflare, Imperva, and Neustar.

Also look for VoIP providers with service-level agreements that define availability obligations, including in DDoS attack situations, he adds, and seek documentation from an independent testing company on the overall resilience of their service against DDoS strikes.

Finally, an incident response (IR) plan specifically tailored to the customer should be in place.

Key features, according to Shoemaker, include predefined VoIP availability requirements, so IR teams have clear objectives for their efforts; defined roles and approval chain to expedite IR; a specified backup communication method for when an attack impedes normal VoIP communications; and a formal VoIP testing plan, enabling the IR team to evaluate the efficacy of mitigation measures.

Image: iStock

About the Author

Martin Sinderman is a freelance writer and frequent ChannelPro contributor in Savannah, Ga.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.