Botnets, DDoS, and TDoS

Botnets, DDoS, and TDoS Attacks: How to Protect Your Organization

What is a Botnet?

A botnet is a network of infected computer devices, often referred to as "zombies," that are controlled remotely by cybercriminals. These hijacked devices are used to carry out various malicious activities, such as Distributed Denial of Service (DDoS) attacks, Telephony Denial of Service (TDoS) attacks, and other types of cybercrime.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack overwhelms a target server, network, or service with massive amounts of internet traffic coming from multiple, often dispersed, sources. This flood of traffic can make it impossible for the target to function, disrupting normal operations.

DDoS-for-hire services have made it easier for almost anyone, regardless of experience, to conduct disruptive attacks, enabling cybercriminals to launch large-scale attacks with minimal effort.

  • Tips to Prepare for a DDoS Attack
  • Enroll in a DDoS Mitigation Service
  • Consider partnering with a service that detects abnormal traffic patterns and can help redirect malicious traffic before it reaches your network.

Work with Your ISP

Establish a relationship with your Internet Service Provider (ISP) ahead of time. Having this partnership will ensure you have support during an attack to control and filter the malicious traffic.

Develop and Test a Business Continuity Plan

Continuity planning ensures that critical functions can still operate during emergencies like cyberattacks. Testing your plan regularly will help identify gaps and strengthen your organization’s response to disruptions.

Secure Your Backups

Make sure your backups are not directly connected to your operational network. This can prevent them from being compromised during a DDoS attack.

Review Security Policies and Procedures

Establish comprehensive patching schedules and security protocols to ensure that your organization is prepared for the current threat landscape.

What to Do in Case of a DDoS Attack

  • Contain the Problem
  • Quarantine or take offline affected hosts and systems to stop the attack from spreading further.

Reimage Compromised Hosts

If systems have been compromised, reimage them immediately to prevent the attacker from using them as part of the botnet. Follow forensic procedures if needed to preserve evidence.

Reset Compromised Credentials

Reset all credentials that could have been exposed during the attack. This includes user accounts, service accounts, and any security certificates or passwords that might have been compromised.

File a Complaint

Report the DDoS attack through IC3 at Action Fraud

Ensure you include the term "DDoS" in your incident description for proper tracking and investigation.

What is a TDoS Attack?

A Telephony Denial of Service (TDoS) attack targets telephone systems by flooding them with calls to make the system unavailable for legitimate users. The goal is to disrupt communication, often by keeping the phone lines busy or blocking incoming calls.

TDoS attacks have evolved over time, from being conducted manually to automated systems using Voice Over Internet Protocol (VOIP) and Session Initiation Protocol (SIP). These attacks can now be carried out by cybercriminals with minimal preparation, using inexpensive and easily accessible software.

  • Tips to Prepare for a TDoS Attack
  • Create an Incident Response Plan

Develop a written Incident Response Plan specifically for TDoS and other cyber-attacks. A clear, actionable plan will help you respond quickly and effectively in case of an attack.

Establish Redundancy and Backup Plans

Work with other Public Safety Answering Points (PSAPs) to ensure you have redundancy and backup communication channels in case of a TDoS attack.

Consult with Your Telephone Systems Engineer

Speak with experts to explore ways to strengthen your phone systems against TDoS attacks, such as rate-limiting incoming calls or implementing call filtering technologies.

Conduct Cybersecurity Assessments

Regularly assess your phone system's security to identify vulnerabilities and gaps in your defense. Address these weaknesses proactively.

Deploy TDoS Mitigation Solutions

Invest in TDoS mitigation tools that can detect and block suspicious call volumes, reducing the impact of attacks on your phone systems.

Work with Your Telephone Service Provider

Collaborate with your telephone service provider to understand how your system can be protected from TDoS attacks. Discuss technical solutions and recovery plans for quick response.

What to Do in Case of a TDoS Attack

  • Preserve Any Recordings
  • If possible, save voice recordings of calls made before, during, or after the attack. These could provide critical evidence for law enforcement investigations.

Record the Attack Details

Document important details such as the phone numbers involved, the time of the attack, the number of calls made, and any payment demands. Keeping track of these facts will help in investigations.

Retain All Logs

Retain call logs, IP logs, and any other records that can help authorities identify the source of the attack.

Isolate the Affected Telephone System

If the attack is impacting critical communication lines, separate the affected number from your main system to minimize disruption.

File a Complaint

Report the TDoS attack to IC3 at Action Fraud

including the keywords "TDoS" and "PSAP" in your complaint for accurate processing.

Stay Informed

For more information on DDoS and TDoS attacks, visit IC3 for updated Industry Alerts. Staying informed about the latest trends and tactics in cyberattacks can help your organization remain vigilant and prepared.