In this post, we are going to talk about the TDoS attack. First of all, we recommend that you read our other post, in which we describe DoS and DDoS attacks:

DoS and DDoS Attacks

In its annual “Internet Crime Report” for 2019, the U.S. Federal Bureau of Investigation (FBI) estimated that TDoS attacks caused about $7,600,000 in losses (in the United States alone). You can read this report here.

In the simplest terms, a telephony denial of service (TDoS) attack is a type of denial of service (DoS) attack in which the attackers launch a high volume of calls against the target network and keep those calls active for as long as possible, preventing legitimate calls from coming in. This is accomplished when an attacker successfully consumes all available telephone resources, so that there is no unoccupied telephone line.

This attack is very important because your phone lines are a critical tool for communicating with employees and customers. If your lines are down, it can cause reputation damage to your business.

Today, cybercriminals are increasingly interested in creating botnets to launch telephony-denial-of-service or TDoS attacks against businesses.

Of course, the TDoS attack isn’t a new threat. In 2013, the FBI and U.S. Department of Homeland Security (DHS) issued a joint alert regarding the TDoS threat and reported that dozens of TDoS attacks targeted the administrative lines of public safety answering points (not the 911 emergency line).

TDoS attacks may have a short duration or occur intermittently over several days.

TDoS attacks have evolved from manual to automated. This means that the attacker’s software uses an infinite number of fake telephone numbers with which to call us. Attackers pull off automated TDoS attacks by installing open source call generator software on a Linux server and configuring it to suit their needs, such as setting the victim’s phone numbers. Also, spammers and scammers load malware onto devices to create a botnet which places thousands of automated calls. An example of a manual TDoS attack is leveraging social media such as Facebook and Twitter to organize individuals into a TDoS calling campaign.

TDoS attacks may take one of several forms:

  • Simple Attacks: Originating from a single phone line, sometimes using a spoofed number.
  • Complex Attacks: Distinguished by the use of spoofed numbers.
  • Distributed Complex Attacks: These attacks use sophisticated malware to flood businesses.



How Organizations & Companies Can Use TDoS Protection to Minimize Risk 

Fortunately, there are measures and solutions that can counter this type of attack or minimize its damage. They are described below:


Preparing for a TDoS Attack 

  • Remind employees to protect themselves and the agency, by not responding to abusive statements and not providing personal information to the caller.
  • Consider obtaining call recording software to provide evidence to law enforcement of threatening or abusive calls.
  • Ensure you have a secondary means of communication, such as cellular telephones or
  • Ask your telephony provider what services they provide to monitor and respond to a TDoS attack.
  • Use strong phone system passwords which are difficult to crack to reduce the risk that your lines are hacked.
  • Are you familiar with the robocaller attack? Before continuing with this post, it is better to read the article about the robocaller attack here. With any of these robocall scenarios, attacks can be further mitigated by analyzing call traffic. When the volume of traffic breaches a threshold, further calls are blocked or diverted, ending the attack.
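
The threshold check described in the last item above, sketched in Python as an added example that is not part of the original post or of any vendor's product. It counts call attempts per dialed number rather than per caller ID, because the caller IDs in a TDoS flood are typically spoofed; the 60-second window, the divert and block thresholds, and all phone numbers and call records are constructed assumptions.

```python
from collections import deque


class CallVolumeGuard:
    """Per-destination sliding-window counter with divert and block thresholds."""

    def __init__(self, window_s=60, divert_at=5, block_at=8):
        self.window_s = window_s    # assumed window length in seconds
        self.divert_at = divert_at  # more attempts than this in the window: divert
        self.block_at = block_at    # more attempts than this in the window: block
        self.attempts = {}          # dialed number -> deque of attempt timestamps

    def decide(self, ts, dialed):
        q = self.attempts.setdefault(dialed, deque())
        # Drop attempts that have aged out of the window.
        while q and q[0] <= ts - self.window_s:
            q.popleft()
        # Blocked attempts are still counted, so the block holds while the flood lasts.
        q.append(ts)
        if len(q) > self.block_at:
            return "block"
        if len(q) > self.divert_at:
            return "divert"
        return "route"


def replay(records, guard=None):
    """Run (timestamp, caller_id, dialed) records through the guard in order."""
    guard = guard or CallVolumeGuard()
    return [(ts, dialed, guard.decide(ts, dialed)) for ts, _caller, dialed in records]


def sample_records():
    """Constructed call records: normal traffic, a 10-call burst, then quiet."""
    main, other = "+15555550100", "+15555550199"
    normal = [(0, "+15555550111", main), (20, "+15555550112", main),
              (40, "+15555550113", main)]
    # Every burst call carries a different (spoofed) caller ID.
    burst = [(100 + i, f"+1555555{1000 + i}", main) for i in range(10)]
    after = [(110, "+15555550114", other), (300, "+15555550115", main)]
    return normal + burst + after


if __name__ == "__main__":
    for ts, dialed, action in replay(sample_records()):
        print(f"t={ts:>3}s to={dialed} -> {action}")
```

Calls to the second number are routed normally during the burst, and the attacked line returns to normal routing once the attempts age out of the window.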


During the Attack 

  • Limit the number of telephones that the attacked number rings. If possible, limit the calls to one telephone and dedicate only one employee to answering that line.
  • Consider moving the crucial lines to a different, temporary PBX in case the PBX itself is targeted or overwhelmed.
  • Communicate the disruption to your customers via social media and email.
  • Actively monitor network security to determine whether the TDoS attack is meant to distract from other hacking events.
  • TransNexus: It is a telecom software solution for VoIP providers, telecom companies and other managed service providers, designed to safeguard against TDoS and many other network threats. This software uses the SIP INVITE to try to detect fake calls: when a SIP INVITE is initiated, the analytical feature assigns a risk profile to the call to detect characteristics commonly associated with spoofed calls or TDoS attacks. In a matter of milliseconds, the software can determine whether the call is routed, declined, or redirected according to risk.
  • SecureLogix: When hazardous numbers or suspicious call patterns are detected, SecureLogix can automate the process of blocking or redirecting call traffic.