What is a DDoS attack?
A DDoS attack (distributed denial of service attack) works by bogging down targeted networks or computer systems with junk data or traffic. Due to being overwhelmed with fake requests, the affected computer systems are unable to provide their services to those who are trying to use them for legitimate purposes. This can result in lapses in service all the way to complete shutdown.
DDoS attacks are used to paralyze victim networks and are frequently initiated in order to extort ransom money from large companies in exchange for the attack’s termination.
Who is Bandwidth?
Based in Raleigh, North Carolina, Bandwidth is the country’s third largest Voice Over Internet Protocol (VoIP) technology provider, helping companies large and small connect calls and messages over the web. With clients such as Google, Zoom, Verizon and AT&T, Bandwidth provides a significant portion of the core of the country’s VoIP infrastructure.
Needless to say, when Bandwidth, among other VoIP providers, succumbed to a calculated, highly targeted distributed denial of service (DDoS) attack beginning on September 25th, many across the nation were left with dead phone lines, interruptions in 911 emergency services and the inability to communicate.
Bandwidth DDoS attack timeline
The attack on Bandwidth’s services is the largest such attack to have happened across the nation’s VoIP services.
- On Saturday, September 25th, a targeted DDoS attack on Bandwidth’s Tier 1 carrier nodes took place over the course of four to five hours. This attack affected SMS, voice and carrier portals.
- On Sunday, September 26th, a second attack was engaged that resulted in a system failure that affected voice, SMS, carrier portals and number ordering.
- On the morning of Monday, September 27th at 9:00 AM EST, rolling attacks continued across the U.S., affecting businesses across different time zones as they opened. This attack would continue for the next ten hours and again affected voice, SMS, carrier portals, number ordering and 911 emergency services.
- On Tuesday, September 28th, a fourth DDoS wave began at 9:00 AM EST, resulting in the same effects as the previous attacks.
- A fifth attack took place on Wednesday, September 29th beginning at 9:45 AM EST.
- On Thursday, September 30th, Bandwidth issued a statement reporting that their services have become fully operational, having successfully ended the attack.
Who attacked Bandwidth?
It is not currently known who was behind the DDoS attack on Bandwidth. It also remains unclear whether or not the company was targeted for a ransom payout and if they were able to end the attacks by succumbing to the hackers’ demands or by successfully squashing the threat on their own.
Undoubtedly, as the dust settles on a week of VoIP chaos, more information will come to light about who was responsible for the outages, Bandwidth’s internal response to the attack and their preparedness to withstand one.
The FBI is reportedly working with Bandwidth as the investigation into the event continues.
Who was affected by the attack on Bandwidth?
Because Bandwidth is a key player in the country’s VoIP network infrastructure, the effects from the attack were felt nationwide.
All forms of telecommunication companies from Spectrum to Google, Microsoft and Amazon felt the effects of the week’s attacks via disruptions or outright blackouts in their VoIP services.
In a Zoom call with customers regarding the Bandwidth attack, Matt Siemens, CEO of cloud-based communications provider NUSO, explained that 17 days ago a similar attack was undertaken in the UK, shutting down VoIP service providers around the country. He also went on to say that, over the past three weeks, up to 12 different service providers have been experiencing attacks that he believes are being carried out by the same malicious hackers.
He went on to explain that Canadian provider Voip.ms was also hit with a similar attack recently in which the company was asked to pay a ransom of 100 Bitcoin, or around $4.2 million. Another source revealed that REvil, a notorious ransomware gang, was responsible for that attack.
Siemens described the attack on Bandwidth as “extraordinary” and “unique” to the industry. While it was not his company that was directly targeted, NUSO was one of the many providers that felt the consequences of Bandwidth’s buckling.
According to Siemens, NUSO had to work extraordinarily quickly to move their customers’ phone numbers to providers that had to be vetted first to ensure that they too were not affiliated with Bandwidth or also under attack themselves.
While the finer points of this week’s attack are yet to be revealed, the alarming lack of mainstream coverage of a very deliberate, brute force attack on a chunk of the country’s communication infrastructure means that most people will likely not ever know the outcome of the attack or the implications of its severity unless they specifically seek the information out.
Siemens’ description of the DDoS attack as “not something that a service provider can generally defend against” will likely not be a good enough excuse when Bandwidth undoubtedly has its cybersecurity protocols scrutinized.
However, his description does highlight the critical need for companies of all sizes to maintain vigilance and keep their cybersecurity protocols and operations on the absolute cutting edge.
You don’t have to be a high-profile corporation or service provider to find yourself on the receiving end of a cyberattack, including a DDoS attack. Follow these simple steps to help keep your network and devices safe:
- Use strong passwords. Be sure to create strong login credentials. Change your passwords frequently.
- Delete your cookies. Cookies are pieces of information that websites use to keep track of you. This data can potentially be used by hackers for nefarious purposes. Clear the cookies saved in your browser once every couple of weeks.
- Ditch the old hardware. Replace outdated hardware with refurbished firewalls or network switches from a reputable dealer.
- Conceal your activity with a VPN. Using a VPN is a great way to keep your network hidden from hackers. Needless to say, multi-factor authentication can make the difference between safety and stolen data.