This month, Bandwidth.com became the latest target of distributed denial of service attacks aimed at VoIP companies, resulting in national phone disruptions during the last few days.
Bandwidth is one of the leading voice over Internet Protocol (VoIP) service providers offering voice telephony to companies and resellers via the Internet.
It was around 3:31 p.m. EST on September 25th when Bandwidth started reporting unexpected problems with its phone and messaging services. Its status page said that Bandwidth is investigating an issue affecting Voice and Messaging Services. Unforeseen failures in calls and messages are possible. All teams are keenly working to resolve the issue.
Since then, Bandwidth has issued regular status updates describing disruptions impacting voice, messaging, portal access, and Enhanced 911 (E911) services.
Not only Bandwidth but many other VoIP providers have experienced disruptions in the last few days, such as Twilio, Accent, DialPad, Phone.com, and RingCentral.
While it is unclear whether these outages are connected to Bandwidth’s service disruption, the above providers have indicated that their problems are due to an upstream provider.
The recent incident led Bandwidth consumers to assume that the company was under a DDoS attack. Because VoIP services are frequently routed through the Internet and require public access to their servers and endpoints, they are appealing targets for DDoS extortion operations.
To perform DDoS attacks, threat actors overload servers, portals, and gateways by sending more requests than they can process, thereby rendering the targeted devices and services unavailable to everyone else.
Although Bandwidth has not officially disclosed the source of the outage, employees have indicated that it results from a DDoS attack.
One of the customers posted a screenshot of a customer support message supposedly from a Technical Assistance Center manager on Reddit, claiming that the outages result from a DDoS attack.
At present, Bandwidth reports that their services have been restored. However, it is unclear if the threat actors have discontinued their attacks or received the demanded extortion amount.