Cyber-attack hits UK internet phone providers

  • Published
Woman taking video callImage source, Getty Images

An "unprecedented" and co-ordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body.

Industry body Comms Council UK said several of its members had been targeted by distributed denial of service (DDoS) attacks in recent weeks.

"An overall threat has been made to the entire industry," a spokesman added.

Ofcom said it was aware of the situation.

DDoS attacks work by flooding a website or online service with internet traffic in an attempt to throw it offline, or otherwise make it inaccessible.

Media caption,

EXPLAINED: What is a DDoS attack?

In the past, they often took websites offline and were sometimes used to make political statements.

But the latest spate of attacks has targeted VoIP in an alleged effort to extort those companies.

VoIP providers offer internet-based calls to a range of customers, including businesses as well as public services, including the police and NHS.

In a statement, Comms Council UK said that the DDoS attacks on British VoIP firms have occurred during the past four weeks and "appear to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals".

The body said it was liaising with the UK government, Ofcom and the National Cyber Security Centre (NCSC) over the matter.

A Comms Council UK spokesman told the BBC that he was unable to specify how many firms were affected and added that he would describe the scale of the attack as "unprecedented".

"We have never seen anything like it since we were established back in 2004," he said.

"Ransom threats have been made to numerous providers and an overall threat has been made to the entire industry.

"The attackers have started down that path, with attacks under way."

An Ofcom spokesman said: "We're aware that some networks have been experiencing problems recently.

"We are in contact with them to establish the scale and cause of the problem, and also liaising closely with the UK Government and National Cyber Security Centre."

For the hardcore hacking fraternity, DDoS attacks are often sniffed at.

These blunt instruments are barely regarded as hacking.

But that doesn't mean they don't work, and this latest development proves that.

By exploiting weaknesses in VoIP, this wave of attacks is actually a clever twist on a the traditional DDoS approach.

Although not yet causing widespread issues, the attacks have the potential to hit us where it really hurts - by making our Zoom and Teams meetings even more painful with drop-outs and lag.

Technology to protect businesses and websites against DDoS attacks has improved dramatically in recent years, said cyber-security expert Alan Woodward from the University of Surrey.

"DDoS is a bit of a surprise as an attack method," he added.

"Ransomware is more usual for criminals extorting money at present."

The NCSC said it was aware of the DDoS attacks and was working with its partners to support affected companies.

Related topics