Telephony Denial of Service (TDoS) attacks have one aim: to overwhelm a service with so much traffic that the system buckles under the strain. This type of cyberattack is especially concerning because it is isolating and puts victims' lives at risk.

In coordinated attacks, TDoS can cripple public infrastructure and render people unable to call emergency response services or notify their banks of suspicious activities on their accounts. Your phone company is responsible for having a system that’s resilient to TDoS attacks. Still, there are some things you can do in a TDoS attack.

What Is a Telephony Denial of Service (TDoS) Attack?

TDoS are attacks where hackers use automated setups to flood a phone service with a high amount of false traffic, thus preventing legitimate calls from going through. To put it into perspective, you can think of this type of Denial of Service (DoS) attack as using an army of toy cars to occupy a highway and causing traffic congestion that prevents real cars from going through that road.

TDoS attacks are not new. In fact, there have been enough recurring issues for federal security agencies to deem them a threat to public safety.

How Does a TDoS Work?

Photo of Person Working on Computer

The setups from TDoS attacks range from simple to complex. One common feature, however, is that these attacks mostly target phone systems based on Voice over Internet Protocol (VoIP) technology.

In simple TDoS attacks, the attacker uses an automated phone dialer or software to generate and launch a barrage of automated calls. This type of attack doesn’t require much to execute: a Linux server on an old computer and robocall software is all the attacker needs. The simplicity means such attacks are typically directed at individuals and small local businesses.

The setup for complex TDoS attacks is more elaborated and requires some planning and execution on the attacker’s part. Typically, an attacker uses an army of botnets to launch a distributed attack. One way to get this arsenal is, of course, to buy a botnet on the dark web. Another approach is to distribute malware online and commandeer the smartphones of real people. Attackers prefer the latter because it’s easier to get past call filters and spam blockers.

What Is the Impact of TDoS Attacks?

Photo of Neon Sign Saying Emergency

TDoS attacks tie up the lines and prevent victims from receiving or making phone calls. The impact for an individual is being unable to call emergency services—or indeed anyone at all. If part of a complex cyberattack scheme, it can prevent a victim from alerting their banks about fraudulent activities on their accounts.

Likewise, the implications of TDoS attacks for businesses and municipalities are financial. Usually, attackers prefer to use TDoS attacks to hold businesses and municipality governments to ransom. Often, the victim would have no choice but to acquiesce to the attacker’s demands. After all, resisting would mean losing productive person-hours, customers, or, in the case of a municipality, civil unrest due to broken public infrastructure.

How to Prevent TDoS Attacks

Photo of Phone on a Yellow Background

The job of preventing TDoS attacks is on your phone service provider and government agencies. Your phone service provider makes communication infrastructure resilient to TDoS attacks, usually by implementing security protocols that filter and block calls from known attackers. Government agencies like the Federal Communication Commission, the Department of Homeland Security, and the FBI take on the tasks of making regulations, investigating, and prosecuting attackers.

Use a Reputable Phone Service Provider

On your part, finding a reputable phone service provider is all you need to do. And if your current provider does not offer anti-spoofing or call screening solutions, consider changing to a provider that does. In addition to this, talk to someone at the phone company and ask that they send a technician to configure your communication setup to make it resilient to TDoS attacks.

Install a Session Border Controller

Meanwhile, if you have the technical know-how, install a Session Border Controller (SCB) to improve the security of your phone system. SBCs work like firewalls that manage call requests. So, when the controller senses unusual traffic that could cripple your system, it blocks those connections. You will need to refer to your phone system manuals to configure your SBC. Your phone service provider should have this manual online if you've lost your hard copy.

Should You Be Worried About TDoS Attacks?

Not really. Worrying about a TDoS attack is mainly your phone service provider and the municipality government’s responsibility. Still, you are right to take steps to prevent such attacks, especially if you know a small business or live in an area where TDoS attacks are frequent or expected. In addition to this, we recommend that you take steps to reduce your exposure to more common cyberattacks like Business Email Compromise attacks.