DDoS attacks are crippling UK VoIP operators

VoIP mockup image man dialing on a telephone
(Image credit: Shutterstock)

Several Voice over Internet Protocol (VoIP) providers in the UK have been subjected to distributed denial of service (DDoS) attacks resulting in numerous outages affecting the public and private sector.

The UK Comms Council confirmed on Tuesday that several of its members and a number of international providers, including some in North America, have been fielding attacks for the past four weeks.

It also said the attacks appear to be "part of a coordinated extortion-focused international campaign by professional cyber criminals", as one affected vendor, Voip Unlimited, previously suggested the evidence pointed to REvil, the infamous Russian-based ransomware group.

The UK Comms Council, which is tasked with lobbying on behalf of the industry and developing best practices to increase industry-wide standards, among other duties, has offered very little details on the attacks and the affected parties.

However, it has confirmed its members supply VoIP services to the likes of the police, NHS, and other public services, adding that "attacks on our members are attacks on the foundations of UK infrastructure".

"We are liaising closely with the UK Government, National Cyber Security Centre, Ofcom & international agencies to share information and details about the nature of the attacks in the expectation of halting this criminal activity as quickly as possible," said the UK Comms Council in a statement.

"We are confident that, with a joined-up Government-led initiative, this damaging criminal activity can be halted.“

Speaking to IT Pro, neither the UK Comms Council or National Cyber Security Centre (NCSC) were able to comment on specific vendors that may or may not be affected by the coordinated DDoS attacks, but there are a number of cases in the public domain which suggest they could be linked with the attacks referenced by the council.


How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation


London-based Voipfone is still experiencing service disruptions, according to its status page. As of Wednesday morning, the company said: "We continue to work on addressing the issues effecting our network. A level of service has been restored, but there may still be a risk of further disruption. We will continue to update as the incident progresses".

Like Voip Unlimited, Voipfone also suggested the attack appeared to be conducted from "overseas criminals" in a Monday update.

Private sector customers have been complaining on social media about the frequency of outages at the firm, seeking compensation.

Speaking on who may be behind the attacks, Pascal Geenens, director of threat intelligence at Radware said: "In September, and still ongoing into October, an actor or group posing as REvil was sending out ransom demands to VoIP providers in the UK and Canada. In the case of the Canadian VoIP provider Voip.ms, the actors went public and leveraged Twitter to get word out of their threats and why Voip.ms was experiencing service disruptions.

"The tactic of disclosing victims publicly is one that is used by ransomware operators to increase the pressure on its victims. It is one thing to be under attack and trying to fend it off, it is another to fight off the attack while the whole world and all your customers are watching. And customers have their own opinions, so companies will vouch to pay the criminals to make it stop and restore the service."

The NCSC was unable to confirm the scale of the attacks and whether affected operators were still under attack. But it did say it was working with partners to support those who needed it.

"Denial-of-service attacks are a common threat, and we urge all organisations to follow our guidance on how to prepare for and deal with them," it said in a statement to IT Pro.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.