The attacker "advantage" of a TDoS is that most organizations have only one phone system, or have one for corporate activity vs customer support activities, and it is easy to identify which is which. A DDoS on an organization's website might not impact their backoffice operations at all, depending upon the network configuration.
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Jun 4, 2013 at 1:00 AM, Kurt Buff <[email protected]> wrote: > > http://www.darkreading.com/attacks-breaches/hacking-the-tdos-attack/240155809 > > By Kelly Jackson Higgins > Dark Reading > May 30, 2013 > > When an ICU nurse refused to pay scammers who insisted she owed money > for a payday loan, they unleashed a robo-dial flood of hundreds of > calls per hour that ultimately shut down the phone system of the > hospital's intensive care unit. In another case, supporters of a > popular company that received a negative rating from a major financial > firm voiced their displeasure by crowdsourcing phone calls to the firm > in an attempt to block its trading and other functions -- and they > organized it via a Facebook Event post. > > These real-world cases of telephony denial-of-service (TDoS) attacks > in the past year didn't get the publicity that distributed > denial-of-service (DDoS) attacks did, but security experts say these > types of attacks have been on the rise in the past couple of years and > can be just as damaging as a DDoS. > > "Personally, I believe that it's a more invasive approach to target a > company's [or] individual's primary means of communication. Just like > DDoS attacks, based on my observations, they tend to abuse the > infrastructure of legitimate services, Skype, ICQ, major U.S-based > carriers, and relevant SIP providers," cybercrime researcher Dancho > Danchev said in an interview via email. > > TDoS attacks -- which earlier this year were becoming prevalent enough > that the U.S. Department of Homeland Security issued an alert about a > threat of TDoS attacks on public sector entities in an attempt to > extort money -- are typically similar in motivation and goals as DDoS > attacks that flood networks, websites or other servers with massive > volumes of traffic meant to bring an organization's data structure to > its knees. Call centers are the most popular TDoS targets -- they're > easy to contact and flood with calls -- and, increasingly, there are > more tools readily available tools for launching these attacks on any > organization or individual's location. > > [...] > > >
