Telephony Denial of Service (TDoS) attacks are a growing threat to organizations that rely on telephone communications for essential services. By flooding a system with an overwhelming amount of false or malicious calls, TDoS attacks can render telephone services unavailable to legitimate users. Because they are often directed at organizations in healthcare, critical infrastructure, and emergency services, TDoS attacks can put lives at risk — making TDoS protection a top priority.
TDoS protection involves multiple levels of security designed to prevent or mitigate TDoS attacks. These measures may include filtering and blocking illegitimate traffic, limiting high-volume call spikes, implementing redundant infrastructure and load-balancing, authenticating and prioritizing legitimate calls, and strengthening VoIP security.
How TDoS Attacks Work
TDoS attacks have evolved from manual efforts to highly automated campaigns. Some attacks still use manual techniques like leveraging social networks to encourage individuals to flood a particular phone number with calls. Attackers may also launch brute force attacks, where they hire telemarketers or other individuals to make calls to a number at a specific time. However, more sophisticated TDoS threats rely on a variety of automated tools and techniques.
Call Generating Software: Also known as robodialers, these programs can generate multiple calls to a specific number, often playing an audio message in an attempt to extend the duration of the call.
Caller ID Spoofing: This technique uses automated dialers to make thousands of calls to individuals with a faked or spoofed caller ID that shows the phone number of the target business. The calls are terminated when someone answers, prompting many individuals to attempt a call back that saturates the victim’s phone system.
Botnets: A botnet is a network of computers, smartphones, and other devices that have been infected with malware which allows an attacker to control them remotely. By directing the devices in a botnet to make calls to a specific number, attackers can generate hundreds or thousands of calls per minute.
Malware: Some attackers have used malware that, when distributed to smartphones, can cause these devices to make calls to a specific number.
The Results of a TDoS Attack
The most common targets of TDoS attacks are governments, enterprises, or businesses with critical, public-facing contact centers. These include emergency 911 services, financial services, healthcare institutions, and critical infrastructure. Attackers may target these organizations for financial gain, retaliation, competitive advantage, ideological reasons, or malicious entertainment.
The impact of TDoS attacks can be devastating:
Service Disruption: Organizations that rely on telephony for critical services such as emergency response, customer support, or sales will face significant operational challenges during an attack.
Financial Losses: Attackers frequently launch TDoS campaigns to extort money from organizations by threatening to maintain the attack until a ransom is paid. Additional costs of an attack include lost sales and productivity, compensation paid to dissatisfied customers, and the costs and resources required to mitigate the attack and restore normal operations.
Reputational Damage: A prolonged disruption of telephone services can inflict serious damage to an organization’s reputation. Potential customers may be dissuaded from doing business with the company, and previously loyal customers may look for alternatives with competitors.
The Elements of TDoS Protection
Effective TDoS protection requires a multilevel approach to telephony security that may involve some or all of these prevention and mitigation strategies:
Call Filtering and Blocking: This technology analyzes incoming calls for suspicious patterns and blocks calls based on preset rules.
Rate Limiting: Rate limiting restricts the number of incoming calls allowed within a specific timeframe to prevent spikes in call volume.
Session Border Controller (SBC): SBCs offer basic blacklisting and whitelisting capabilities to filter out suspicious IP addresses.
Call Firewall: VoIP firewalls monitor and control call initiation requests to reduce the number of unauthorized or suspicious calls.
Call Authentication and Anti-Spoofing: These solutions verify that incoming caller ID information is accurate and unaltered, helping to reduce spoofing-based TDoS attacks.
Interactive Voice Response (IVR) Filters: This technology screens out automated bot calls by requiring human interaction, limiting automated call volume during the attack.
Real-Time Monitoring and Detection: Monitoring tools analyze call traffic for unusual patterns and alert telephony teams to abnormal activity, enabling faster response to potential attacks.
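The rate-limiting strategy listed above, shown as an added example (not SecureLogix code and not part of the original page): a sliding-window limiter with a per-caller cap and an overall cap, replayed over constructed call attempts. The class name, limits, and phone numbers are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

class CallRateLimiter:
    """Sliding-window limiter for inbound call attempts (hypothetical class)."""

    def __init__(self, per_caller_limit, total_limit, window_s):
        self.per_caller_limit = per_caller_limit  # max admitted calls per caller ID
        self.total_limit = total_limit            # max admitted calls overall
        self.window_s = window_s                  # window length in seconds
        self._by_caller = defaultdict(deque)      # caller ID -> admitted timestamps
        self._all = deque()                       # all admitted timestamps

    @staticmethod
    def _expire(queue, cutoff):
        # Drop timestamps that have aged out of the window.
        while queue and queue[0] <= cutoff:
            queue.popleft()

    def admit(self, ts, caller):
        cutoff = ts - self.window_s
        calls = self._by_caller[caller]
        self._expire(calls, cutoff)
        self._expire(self._all, cutoff)
        if len(calls) >= self.per_caller_limit:
            return "reject:caller"   # one number redialing, e.g. a robodialer
        if len(self._all) >= self.total_limit:
            return "reject:total"    # many numbers at once, e.g. spoofed caller IDs
        calls.append(ts)
        self._all.append(ts)
        return "admit"

def constructed_events():
    # Constructed sample: (seconds, caller ID) pairs, sorted by time.
    robodialer = [(t, "+15550100") for t in range(6)]
    spoofed = [(20 + i, f"+1555020{i}") for i in range(10)]
    return robodialer + [(10, "+15550199")] + spoofed + [(70, "+15550199")]

def replay(events, limiter):
    # Feed events through the limiter and tally the decisions.
    return dict(Counter(limiter.admit(ts, caller) for ts, caller in events))

if __name__ == "__main__":
    print(replay(constructed_events(), CallRateLimiter(3, 8, 60)))
```

In the replay, the per-caller cap stops the single redialing number, but the calls with rotating caller IDs pass it and are only stopped by the overall cap, which is why the two limits are combined.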
SecureLogix: Unified Call Trust, Authentication, and Security Solutions
As a pioneer of call security technology, SecureLogix is the only vendor offering a single, unified solution set for the full range of the voice security and call trust issues that threaten today’s enterprises. Our technology delivers multiple layers of security to provide superior TDoS protection.
Call Defense™ System: A Powerful Call Firewall
Call Defense™ System delivers industry-leading protection for voice channels and business calls. Sitting at the edge of a voice network, the Call Defense™ System filters good traffic from bad in real time to keep your network safe by reducing unwanted calls. With this SecureLogix technology, you can:
- Gain enterprise-wide visibility into telephony activity.
- Enforce security policies in a unified way.
- Prevent malicious calls and attacks with alerting, blocking, and/or redirection.
- Detect call pattern attacks and identify anomalies with call intrusion prevention (IPS) technology.
- Enhance reporting with scheduled and ad hoc reports that reveal insights into voice network usage, CDR analytics, and attack forensics.
Call Secure™ Managed Service: Fully Managed Call Security
For organizations that want expert assistance with TDoS prevention, the Call Secure™ Managed Service combines the power of cutting-edge technology with the most experienced call security service team in the business. This offering is vendor and protocol agnostic — it supports all network architectures and a mix of TDM and SIP traffic. It also enhances and complements all existing voice systems, including SBCs. With Call Secure™ Managed Service, you can:
- Protect your telephone system against voice network attacks.
- Proactively monitor new attacks and malicious calls.
- Prevent call fraud, spoofing, and robocalls.
- Reduce call spam and unwanted nuisance calls.
- Increase call visibility across the enterprise.
Orchestra One™: Cloud-Based Auto-Authentication and Spoofing Detection
SecureLogix® Orchestra One™ Call Authentication Service quickly verifies and authenticates every inbound call by dynamically orchestrating multiple zero-cost and low-cost metadata services to authenticate each call at its lowest possible price. This technology analyzes and orchestrates thousands of call details along with real-time carrier network metadata (including STIR/SHAKEN when present) to provide a high-value authentication score for each call. By restricting inbound spoofed calling events and robocalls, Orchestra One™ helps to mitigate the impact of TDoS attacks. This SecureLogix technology also increases customer satisfaction by reducing the number of frustrating security questions that typically characterize authentication measures.
FAQ
Q: What is TDoS protection?
TDoS protection includes tools, strategies, and best practices to prevent or mitigate Telephony Denial of Service attacks, which aim to overload phone systems with excessive calls.
Q: How can rate limiting help in TDoS protection?
Rate limiting restricts the number of calls that can be received within a certain time frame. By capping call volumes, rate limiting reduces the impact of call floods and helps maintain service availability during an attack.
Q: What role do telecom providers play in TDoS protection?
Telecom providers can implement call filtering, caller ID verification, and advanced routing solutions to enhance TDoS protection. They also have access to security features like STIR/SHAKEN for caller ID authentication, helping block or reduce spoofed calls commonly used in TDoS attacks.
Q: What is STIR/SHAKEN?
STIR/SHAKEN is a framework designed to prevent caller ID spoofing by authenticating the true origin of phone calls. It uses digital certificates to verify that the caller ID displayed on the recipient’s device matches the actual source of the call. By validating caller identities, STIR/SHAKEN helps reduce fraudulent calls and unwanted robocalls, and it strengthens telephony defenses against attacks like Telephony Denial of Service (TDoS), where spoofed numbers are often used. It’s primarily implemented on VoIP networks, with adoption expanding globally.
Q: What is a Session Border Controller (SBC), and how does it help with TDoS protection?
SBCs are network devices that secure VoIP traffic, controlling and filtering incoming and outgoing calls. They prevent unauthorized access, block suspicious traffic, and reduce the risk of VoIP-based TDoS attacks.
Q: How does call diversion work as a TDoS protection strategy?
Call diversion reroutes incoming calls to backup systems or secondary lines, distributing the call load and reducing the impact of a TDoS attack. It helps maintain some level of service availability even under attack.