fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days.

Bandwidth is a voice over Internet Protocol (VoIP) services company that provides voice telephony over the Internet to businesses and resellers.

Starting September 25th at 3:31 PM EST, Bandwidth began reporting that they were experiencing unexpected failures with their voice and messaging services.

“Bandwidth is investigating an incident impacting Voice and Messaging Services. Calls and Messages may experience unexpected failures. All teams are actively engaged,” reported Bandwidth on their status page.

Beginning of the outage messages reported by Bandwidth.com
Beginning of the outage messages reported by Bandwidth.com
Source: BleepingComputer

Since then, Bandwidth has been providing frequent status updates detailing outages affecting voice, Enhanced 911 (E911) services, messaging, and access to the portal.

As Bandwidth is one of the leading telephony providers for US voice over IP companies, many other VoIP vendors reported outages over the past few days, including TwilioAccentDialPadPhone.com, and RingCentral.

While it has not been confirmed if these outages are related to Bandwidth’s service disruption, all of the above carriers stated that another upstream provider has caused their outages.

Also Read: 5 Workplace Tips: Protecting Information on Mobile Devices

“The upstream provider has indicated that service has returned to normal operation. We will continue to monitor this situation and report any new information as it becomes available. Customers should be prepared for potential impairments of inbound services within 12-16 hours as the potential exists for this DDoS attack to return. We will not close this issue until services have returned to the normal operation for a period of 72 hours.” – Accent’s status page.

Twilio initially told BleepingComputer that they were not affected by Bandwidth’s attack, but their status page states that they had issues with Bandwidth today.

Monitoring – We are observing recovery in Twilio Voice call quality and connection issues. Bandwidth is reporting the issue resolved as well. We will continue monitoring the service to ensure a full recovery. We will provide another update in 2 hours or as soon as more information becomes available.” Twilio’s status page.

Bandwidth.com hit with a DDoS attack

Earlier this month, VoIP provider VoIP.ms suffered a catastrophic week-long DDoS attack that took down almost all of their services and portals, leaving their customers without voice services.

The VoIP.ms attack was an extortion DDoS attack where threat actors impersonating the ransomware group ‘REvil’ initially demanded one bitcoin ($45,000) to halt their attacks but later increased it to 100 bitcoins ($4.5 million).

VoIP.ms ransom note
VoIP.ms ransom note
Source: BleepingComputer

Due to this recent attack, Bandwidth customers immediately suspected that Bandwidth was also suffering from a similar DDoS attack.

As VoIP services are commonly routed over the Internet and require their servers and endpoints to be publicly accessible, they are prime targets for DDoS extortion attacks.

To conduct these DDoS attacks, threat actors will overwhelm servers, portals, and gateways by sending more requests than can be handled and thus making the targeted devices and servers inaccessible to anyone else.

At this time, Bandwidth has not publicly disclosed the cause of its outage and has not responded to our queries.

However, Bandwidth customers have told BleepingComputer that employees said a DDoS attack caused the outages.

Another customer shared a screenshot on Reddit of a customer support message allegedly from a Technical Assistance Center manager who states that a DDoS attack is responsible for the outages.

Also Read: The Role of A DPO During Work From Home

“Bandwidth continues to experience a DDoS attack which is intermittently impacting our services. Our network operations and engineering teams continue active mitigation efforts to protect our network,” reads a screenshot shared on Reddit.

Message from Bandwidth employee
Source: Reddit

At this time, Bandwidth is reporting that their services are restored, and it is not clear if the threat actors stopped their attacks or were paid an extortion demand.

Unfortunately, it is common for threat actors to briefly halt attacks while they push extortion attempts, so we will not know for sure if the DDoS attack is over until tomorrow.

When we hear back from Bandwidth, we will update our story.

This is a developing story.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us