
What Channel Pros Need to Know About the Bandwidth.com DDoS Attack

Getting complaints from your VoIP customers this week? Here’s why it happened and how to avoid getting burned when—not if—this kind of incident happens again.

By Rich Freeman

How familiar are you with Bandwidth.com?

If you’re like a lot of channel pros, you’d probably never heard of the company until this week, when your VoIP customers started complaining that they couldn’t make or receive calls. A check with your vendor then revealed that the source of the problem was a competitive local exchange carrier (CLEC) named Bandwidth.com that plays a critical if largely unseen role in the VoIP ecosystem, connecting IP-based networks to copper-based local phone systems.

An estimated 40% of VoIP providers in North America, including companies ranging from Microsoft, Google, and Zoom to Vonage, RingCentral, and 8x8, rely on Bandwidth to deliver services. So when unknown attackers launched a distributed denial of service assault on the company last Saturday, the ripple effects led to slowdowns or outright service outages for VoIP vendors, their partners, and end users.

“They didn’t go down, but the traffic coming into their IP addresses was getting flooded and then intermittency started happening,” says George Bardissi, CEO of BVoIP, one of Bandwidth’s many downstream users. “Either calls weren’t connecting all the time, and you’d have to try multiple times, or maybe the call quality wasn’t good.”

Bandwidth restored network stability within hours of the first strike, but the attackers returned the next day and have been waging a pitched battle with Bandwidth’s IT team involving continually shifting tactics and techniques ever since. The last major incident occurred Tuesday, but there’s no telling yet if the larger DDoS campaign is truly over. On Wednesday, a company spokesperson told ChannelPro that Bandwidth is “seeing some intermittent disruptions in service and working around the clock to restore.”

That’s consistent with what Cytracom, another Bandwidth partner, has experienced. “Monday was bad, and Tuesday,” says Zane Conkle, the vendor’s CEO, in a conversation with ChannelPro yesterday. “Today we’ve seen traffic back above 80% of what we’d expect to see.”

To avoid making a bad situation worse, Bandwidth has said little publicly about its plight. “That’s always the challenge with these types of attacks,” says Richard Craighead, Cytracom’s vice president of engineering. “You want to provide enough information to enable the defenders to defend themselves, but you don’t want to arm the attackers with information that will allow them to circumvent whatever you’re trying to do to defend yourself.”

On Tuesday, however, Bandwidth CEO David Morken posted the company’s first public acknowledgement that a DDoS strike was underway. “We will not rest until we end this incident, and will continue to do all we can to protect against future ones,” he wrote.

And have no doubt, there will be more incidents like this one in the future. Bandwidth, in fact, isn’t even the first big carrier to come under assault recently. Two VoIP operators in the U.K. were struck roughly a month ago in what appears to be a connected series of attacks that subsequently struck VoIP.ms, a major Canadian provider.

The same kind of cybercriminals who targeted Colonial Pipeline because it’s critical to distributing fuel, it seems, have begun targeting Bandwidth and companies like it because they’re critical to distributing communications. Explaining that to SMBs, however, isn’t easy.
