Global Voice over Internet Protocol (VoIP) services provider Bandwidth recently became another victim on a hitlist of firms from the sector targeted with distributed denial of service (DDoS) attacks.

Bandwidth offers its clients, which include resellers and businesses, voice telephony via the internet. Like many other VoIP providers, the company was knocked offline adding to a spate of nationwide voice service outages in the US.

Unexpected service interruptions

Last Saturday, September 25, Bandwidth made reports detailing unexpected failures experienced with both its messaging and voice telephony services. The provider’s status page commented at the time:

“Bandwidth is investigating an incident impacting Voice and Messaging Services. Calls and Messages may experience unexpected failures. All teams are actively engaged.”

Ever since the first status report, Bandwidth has provided frequent updates with detailed information regarding outages impacting a wide range of its services, including voice, messaging, Enhanced 911 services, along with access to the company’s online portal.

A leading telephony provider in the US supplying voice over IP for enterprises, Bandwidth is not the only firm in its field to be struck by a DDoS cyberattack. Numerous other VoIP service vendors also reported outages in the same period, including Accent, RingCentral, Phone.com, Twilio, and DialPad,

It is yet to be confirmed whether these other outages are connected to Bandwidth’s impacted service, but all of the carriers commented that another provider upstream was responsible for the issues they suffered.

Service provider Accent stated on its dedicated status page:

“The upstream provider has indicated that service has returned to normal operation. We will continue to monitor this situation and report any new information as it becomes available. Customers should be prepared for potential impairments of inbound services within 12-16 hours as the potential exists for this DDoS attack to return. We will not close this issue until services have returned to the normal operation for a period of 72 hours.”

Disruptive DDoS attacks

In early September, VoIP service provider VoIP.ms endured a week of interruptions when a lethal DDoS attack took down nearly all of its portals and services leaving its clients without the voice services they pay for.

The VoIP.ms cyberattack was a DDoS attack combined with extortion, where threat operators masquerading as the infamous ransomware gang REvil demanded payment in Bitcoin worth around £3.35m to call off their onslaught of attacks.

Due to the recent strike, Bandwidth customers had an instant suspicion that Bandwidth too was experiencing a DDoS attack. While the service provider has not confirmed the cause of the outages publicly, Bandwidth customers have reported that the company’s employees credited the issues to a DDoS attack.

VoIP services are typically routed via the internet and need their endpoints and servers to have public access. This makes them ideal targets for cybercriminal gangs using DDoS extortion strategies.

To carry out DDoS attacks, threat operators use botnet armies to overwhelm gateways, portals and servers, sending a continuous barrage of requests too large to be handled. This renders a victim’s servers and devices inaccessible to its clients, effectively denying them service.