New Telephony Denial of Service (TDoS) Tool

The article below describes a new Telephony Denial of Service (TDoS) generation tool:

http://securityaffairs.co/wordpress/33867/cyber-crime/tnt-gang-released-tdos-tool.html

As stated in the article, TDoS is a flood of inbound calls that targets a set of phones critical to business operation. The target phones (and numbers) can be any part of a business or enterprise, but are generally those making up a public-facing contact center, including those used for banking, finance, health care (emergency rooms and ICUs), government, and public safety. A TDoS attack may be of sufficient volume to overwhelm an entire business or enterprise, but can be equally effective with a smaller amount of traffic if it targets critical resources. In this way, it is more about selecting the proper target phones and numbers (normally pulled off of public websites), timing (during the busiest part of the day and season), and complexity of the attack (spoofing the calling number) than it is about an overwhelming amount of traffic.
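Because a targeted flood can be modest in volume and can rotate the calling number, monitoring has to key on the called number rather than the caller. The sketch below is an added example, not code from the article or the tool: it runs a per-destination sliding window over call detail records and notes when no single caller ID would trip a per-caller rule. The record layout, thresholds, and all phone numbers are constructed assumptions.

```python
from collections import Counter, defaultdict, deque

WINDOW_S = 60          # sliding window length in seconds (assumed)
MAX_CALLS = 20         # calls tolerated per protected number per window (assumed)
PER_CALLER_LIMIT = 5   # limit a naive per-caller rule would apply (assumed)

def detect_floods(cdrs, protected, window_s=WINDOW_S, max_calls=MAX_CALLS):
    """Return one alert per protected number, raised the first time its
    inbound call count inside the sliding window exceeds max_calls."""
    windows = defaultdict(deque)   # called number -> deque of (ts, caller)
    alerts = {}
    for ts, caller, called in sorted(cdrs):
        if called not in protected:
            continue
        win = windows[called]
        win.append((ts, caller))
        # Drop calls that have aged out of the window.
        while win and win[0][0] <= ts - window_s:
            win.popleft()
        if len(win) > max_calls and called not in alerts:
            per_caller = Counter(c for _, c in win)
            alerts[called] = {
                "first_seen": ts,
                "calls_in_window": len(win),
                "distinct_callers": len(per_caller),
                # True when every caller ID stays under the per-caller limit,
                # so caller-based blocking alone would not see the flood.
                "per_caller_rule_blind":
                    max(per_caller.values()) <= PER_CALLER_LIMIT,
            }
    return alerts

def sample_cdrs():
    """Constructed records: (epoch seconds, calling number, called number)."""
    er, sales = "+15555550100", "+15555550199"
    # Baseline: one call every 30 s to the protected line from 7 repeat callers.
    cdrs = [(t, "+1555555%04d" % (1000 + t % 7), er) for t in range(0, 600, 30)]
    # Steady traffic to a number that is not on the protected list.
    cdrs += [(t, "+15555552000", sales) for t in range(0, 600, 10)]
    # Flood: one call every 2 s for 90 s, a different caller ID on each call.
    cdrs += [(300 + 2 * i, "+1555555%04d" % (3000 + i), er) for i in range(45)]
    return cdrs, {er}

if __name__ == "__main__":
    records, protected_numbers = sample_cdrs()
    for number, alert in detect_floods(records, protected_numbers).items():
        print(number, alert)
```

The protected list would hold the same published numbers the paragraph describes as likely targets, and the thresholds would be tuned to each number's normal peak-hour volume.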

There are a number of ways to generate TDoS attacks, including use of SIP trunks and free PBX software such as Asterisk, possibly using Skype as referenced in the article, or using a tool like the one described in the article. The advantages of a tool such as this are:

  • It can generate a sufficient number of concurrent calls to overwhelm a small or moderately sized target.
  • It is turnkey and easier to set up than a SIP trunk and Asterisk.
  • It can generate a complex attack (assuming that it can indeed spoof the calling number for all calls).
  • It is anonymous and hard to track. It can be used anywhere there is cellular coverage.
  • It is difficult for a service provider to shut down, because the calls are coming in through the cellular network.

The last point is significant, because this means of originating TDoS calls is more difficult for the service provider to isolate than, say, many calls coming from a single SIP trunking provider.

The TDoS attacks enabled by this tool can be used purely for disruption, as a threat to enable extortion, or to flood a victim with calls (or texts) to prevent authentication calls from the victim’s bank.