Cyber-attack hits UK internet phone providers
An “unprecedented” and co-ordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body.
Industry body Comms Council UK said several of its members had been targeted by distributed denial of service (DDoS) attacks in recent weeks.
“An overall threat has been made to the entire industry,” a spokesman added. Ofcom said it was aware of the situation.
DDoS attacks work by flooding a website or online service with internet traffic in an attempt to throw it offline, or otherwise make it inaccessible. In the past, they often took websites offline and were sometimes used to make political statements.
VoIP providers offer internet-based calls to a range of customers, including businesses as well as public services, including the police and NHS.
In a statement, Comms Council UK said that the DDoS attacks on British VoIP firms have occurred during the past four weeks and “appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals”.
A Comms Council UK spokesman told the BBC that he was unable to specify how many firms were affected and added that he would describe the scale of the attack as “unprecedented”.
“We have never seen anything like it since we were established back in 2004,” he said.
“The attackers have started down that path, with attacks under way.”
An Ofcom spokesman said: “We’re aware that some networks have been experiencing problems recently.
“We are in contact with them to establish the scale and cause of the problem, and also liaising closely with the UK Government and National Cyber Security Centre.”
But that doesn’t mean they don’t work, and this latest development proves that.
By exploiting weaknesses in VoIP, this wave of attacks is actually a clever twist on a the traditional DDoS approach.
Although not yet causing widespread issues, the attacks have the potential to hit us where it really hurts – by making our Zoom and Teams meetings even more painful with drop-outs and lag
Technology to protect businesses and websites against DDoS attacks has improved dramatically in recent years, said cyber-security expert Alan Woodward from the University of Surrey.
“DDoS is a bit of a surprise as an attack method,” he added.
“Ransomware is more usual for criminals extorting money at present.”
The NCSC said it was aware of the DDoS attacks and was working with its partners to support affected companies.