Heads up to all of my Telecom friends…we have credible information giving us reason to believe that a major SIP Denial of Service attack is going to be launched against major US infrastructure companies in a couple of days (perhaps as soon as Monday). The goal is to cripple US telephone and Internet service, nationwide.
State sponsored hackers called APT-28 (Fancy Bear) and APT-29 (Cozy Bear) are acquiring enormous quantities of BOTs on the Dark Web and training them with lists of IP Addresses that respond to SIP.
They are using RPC Portmapper DUMPs and SIPVicious scanners to detect and capture the IP Addresses.
Authorities in the USA are expecting this cyber attack to be in the terabit/second range.
Basically VOIP denial of service. Internet phone/video service. Someone somewhere is getting ready to target at-home workers.
Recommend that you ensure your Firewalls and Routers are in modes that will prevent denial of service attacks; but this could be a dramatic bandwidth issue.
If you are using Palo Alto firewalls…Enable attack signatures 40023, 40028 and 40016. Authorities are still researching 34520.
Authorities in the US tell me this definitely has the potential to impact the entire world's VoIP infrastructure as well as collateral damage from bandwidth issues on routers…this is the real deal!