fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Telnyx is the Latest VoIP Provider Hit with DDoS Attacks

Telnyx is the Latest VoIP Provider Hit with DDoS Attacks

Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday.

Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions.

Starting November 9th at approximately 11 PM EST, Telnyx was targeted with a DDoS attack causing all telephony services to fail or be delayed.

Also Read: A Review of PDPC Undertakings July 2021 Cases

“Telnyx is currently experiencing a DDoS attack. Until we reach a resolution, you may be experiencing failed calls, API and portal latency/time outs, and/or delayed or failed messages,” reported the Telnyx status page.

After the DDoS attacks continued, Telnyx began migrating their services to Cloudflare’s Magic Transit service, which provides DDoS protection for service providers.

“Magic Transit delivers its connectivity, security, and performance benefits by serving as the “front door” to your IP network. This means it accepts IP packets destined for your network, processes them, and then outputs them to your origin infrastructure,” explains documentation for the Magic Transit feature.

At this time, Telnyx has moved their EMEA and APAC services behind Cloudflare, with the company planning on migrating services for the Americas during off-peak hours.

VoIP providers under siege by DDoS attacks

This attack follows September DDoS attacks on VoIP.ms and Bandwidth that effectively took down the service provider’s services for days.

When VoIP.ms suffered their week-long DDoS attack, they received a ransom demand by threat actors impersonating the ransomware group ‘REvil.’

Also Read: Protecting Data Online in the New Normal

The threat actors initially demanded a one bitcoin ransom (roughly ~$45,000) to halt the attacks but later increased it to 100 bitcoins, worth approximately $4.5 million at the time

VoIP.ms ransom note
VoIP.ms ransom note
Source: BleepingComputer

Bandwidth remained silent about the cause of their outage for days but, eventually, admitted to suffering a DDoS attack.

In a recent Q2 2021 earnings call, the Bandwidth CEO implied that the threat actors demanded a ransom in their attack but that the company did not give in to the demands.

“We did not pay a ransom and instead relied on innovative solutions and strategies to confront the threat, head on. To sum up, we believe, Bandwidth is now stronger than ever and we plan to leverage what we’ve learned to help make the ecosystem safer for enterprise communications,” Bandwidth CEO David Morken said during the earnings call.

To mitigate the DDoS attacks, both vendors migrated their infrastructure behind Cloudflare as well.

Morken went as far as to say that the attacks on their infrastructure taught Cloudflare how to mitigate attacks against VoIP providers.

“We rallied during this attack and used vendors like Cloudflare and taught them how to address this issue for the first time and collaborated with them in a way that they then were able to go to the whole industry and share,” said Morken.

As VoIP services are commonly routed over the Internet and require servers and endpoints to be publicly accessible, they become prime targets for DDoS extortion attacks.

We should expect these attacks to continue and potentially bypass defenses at times as threat actors evolve their tactics.

BleepingComputer did not receive a response after reaching out to Telnyx to ask if they also received a ransom demand.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us