Recommendations And Tips For Navigating Recent DDOS* Attack
With all that has happened recently and continues to happen, Sunrise Solutions has been doing our very best to communicate and keep our customers up and running. Through this, we’ve experienced the same pain and aggravations you have. We thank you for your support and patience.
Here’s What Happened:
On Monday, September 6th, three (3) VoIP providers in the UK experienced a ransom-driven DDOS attack. On Thursday, September 16th, these attacks moved to North America, to VoIP.ms, which is the underlying carrier for GetSomeSIP (GSS). This attack took 11 days to mitigate. On Tuesday, September 28th, the attacks moved on to the larger upstream carrier Bandwidth.com and other major service providers like Zoom, 8x8, Verizon Wireless, Avaya, MS Teams and many others. As late as today, yet another provider, Envoy, experienced issues.
Here’s What We Are Doing:
As we have done for many of you, we have brought on a second SIP service with a temporary DID, which remains active. VoIP.ms will continue to be our primary underlying carrier. Since the attack occurred, VoIP.ms has strengthened its network because it was forced to. Other carriers are learning to do this now as well because of the massive scale of this attack. VoIP.ms has shared the lessons learned from this attack with the upstream providers, which has allowed them to recover quickly. We are still confident VoIP.ms will provide us with reliable, cost-effective service as they have for the past several years. We will continue to maintain a second SIP provider to supply a secondary call path just in case.
Furthermore, we will be moving our Toll-Free number to a provider which will be able to direct traffic to either SIP provider should one or the other be unavailable.
Initial Recommendations for Our Customers:
For some of you, following our lead will make the most sense. For others it won’t. These recommendations may change slightly in the weeks to come as we discuss mitigation plans with different carriers. If they do change, we will contact you.
To help you decide what you should do, we are providing the following options along with their PROS, CONS, and Comments:
Option 1: Stay with GetSomeSIP (GSS)
PROS: Cost Effective, Pay as You Go, No Contract
CONS: Underlying carrier suffered a DDOS attack which crippled the network for 2 weeks. There is no secondary call path.
Comments: After the DDOS attack, the network is now heavily protected. DDOS Mitigation plan has been effective.
Option 2: Stay with GSS w/an Alternate Carrier Temp DID
PROS: Cost Effective, Pay as You Go, No Contract plus a Secondary Call Path
CONS: Underlying carrier suffered a DDOS attack which crippled the network for 2 weeks.
Comments: After the DDOS attack, the network is now heavily protected. DDOS Mitigation plan has been effective. Secondary carrier allows for quicker reaction time should the attack happen again. A third-party Toll-Free number further mitigates the risk.
Option 3: Move to another Over the Top SIP Provider: IXICA (Temp DID Provider)
PROS: Cost Effective, Month to Month Contract, No Secondary Call Path
CONS: No history of DDOS attack/prevention.
Comments: TEMP DIDs have been working well with IXICA, but they too experienced issues with the Bandwidth.com attack. We do not know at this point how well protected their network is.
Option 4: Move to a facilities-based SIP or Traditional TDM Provider: Comcast, Lumen, Verizon etc.
PROS: Larger companies, with private networks not utilizing the Internet to provide service.
CONS: Facilities-based carriers are more expensive than Over the Top providers.
Comments: Currently the most stable on-premise solution.
Option 5: Move to a hosted platform: Sunrise 360
PROS: A completely managed solution with full UC capabilities utilizing MULTIPLE Facilities Based Carriers
CONS: Typically more expensive than a premise-based solution with an Over the Top SIP service.
Comments: Versus most facilities-based providers the hosted phone service can be less expensive and has many more features.
There are a lot of options, none of which is 100% bulletproof. All carriers and providers are dependent on one another to some extent for calls that transit their networks. With the options we’ve laid out, however, we can mitigate the risks of what happened over the recent past.
We know this is A LOT of information. Please reach out to us to schedule a time to review these options. We’ve engaged many carriers and providers. We can work with you to provision and cost project the best option for YOU!
Thank you again for your patience and support!
The Sunrise Solutions Team
What Is a DDOS Attack?
*What is DDOS and what causes one?
We’ve had a number of folks ask what we mean by DDOS. Here is an explanation from one of our technicians. An upstream carrier is currently experiencing a malicious “DDoS” attack. This stands for “Distributed Denial of Service”.
To Make an Analogy:
We’ve all experienced bad traffic on the Bay Bridge, and we sometimes have to wait hours to get across. A total of five lanes allows about 120k cars to cross on the weekends. Now, imagine if a malicious organization managed to obtain a few hundred tractor trailers, stopped and parked them on both bridge spans, and ran away with the keys. Now imagine if that organization obtained TEN MILLION more tractor trailers, and did the same to all the highways, on-ramps, side streets and access roads that feed the Bay Bridge. That’s roughly the equivalent of what we were facing in the latest DDOS attacks.
A malicious actor (or possibly actors) has infected a fleet of millions (possibly billions) of computers around the world, and is using them to flood the carrier’s infrastructure with garbage requests, far exceeding its capacity.