Protection of telecommunications

Effective protection against TDoS attacks and telephone system peaks

A Telephony Denial of Service (TDoS) attack is an attempt to make the telephone system inaccessible to users by blocking incoming and/or outgoing calls. To do this, attackers successfully overflow all available telephone resources, so that there is no free telephone line. Attackers use TDoS attacks, demanding a ransom to stop the attack. TDoS are also used to block bank notifications about unauthorised transfers of funds, etc. Sometimes TDoS attacks occur as a result of errors or peak loads of legitimate users. TDoS attacks can be short or last for several days. Regardless of the TDoS attack’s nature, we offer an effective remediation set for peak loads.

What Is a TDoS Attack?

A TDoS (Telephony Denial of Service) attack is a form of cyber attack that aims to disrupt phone systems, such as those used by call centres or emergency services. The objective is to overwhelm the system with a high volume of traffic, rendering it unavailable. Typically, the attack involves automated calls or messages generated by bots or compromised systems, flooding the target system and causing service disruptions. This type of attack can result in significant financial and reputational damage.

Who Is at Risk?

Any business relying on internet connectivity and online services is potentially vulnerable to DoS, DDoS, and TDoS attacks. However, certain types of businesses may face a higher risk due to the nature of their operations, the amount of online traffic they receive, and the value of their online assets.

Examples of businesses particularly susceptible to DoS, DDoS, and TDoS attacks include:

E-commerce websites
Online retailers heavily reliant on web traffic for revenue are particularly vulnerable. An attack can disrupt online sales, leading to financial losses and harm to their brand reputation.
Financial institutions
Banks, insurance companies, and other financial institutions are frequent targets for attackers aiming to disrupt services or steal sensitive customer information. Successful attacks can result in substantial financial losses and reputational damage.
Government agencies
Government agencies and public institutions often face attacks from political activists and other groups attempting to disrupt services or gain access to sensitive information. A successful attack can disrupt critical services and compromise data security.
Healthcare providers
Hospitals and healthcare facilities rely on online services to manage patient records and communication. A successful attack can disrupt services and compromise sensitive patient data.
Gaming companies
Online gaming companies are attractive targets for attackers seeking to disrupt services or steal valuable in-game items. Attacks can lead to revenue loss and damage to brand reputation.
Online media companies
News websites, online video streaming services, and other media companies may be targeted to disrupt services or gain unauthorised access to sensitive information. Attacks can result in revenue loss and reputational harm.

In summary, any business dependent on online services or generating significant web traffic is potentially vulnerable to DoS, DDoS, and TDoS attacks. However, businesses in the aforementioned categories may face a higher risk and should take additional precautions to safeguard their online assets.

Types of TDoS

TDoS attacks can be classified into two categories based on their execution mode:

  • Manual TDoS: These attacks are manually carried out by individuals or groups using tools like automated diallers to initiate a large number of calls or messages to the target system. Manual TDoS attacks are usually motivated by specific reasons such as extortion, revenge, or political activism.
  • Automated TDoS: These attacks involve automated tools like bots or malware, which can initiate a high volume of calls or messages to the target system without human intervention. Automated TDoS attacks are often driven by financial gain, as they can disrupt call centres or emergency services and demand ransom payments for service restoration.

TDoS Prevention Methods

To mitigate the risk of TDoS attacks, businesses can employ the following prevention methods:

  1. Network and infrastructure hardening: Strengthening network and infrastructure security by implementing such measures as firewall protection, intrusion detection systems, and network traffic monitoring.
  2. Rate limiting and traffic shaping: Setting limits on the number of calls that can be made to a phone system within a specific period and prioritising certain types of traffic over others to restrict the impact of TDoS attacks.
  3. Call blocking and filtering: Implementing mechanisms to block calls from known TDoS sources or suspicious numbers to prevent attacks at an early stage.
  4. Incident response planning: Developing an incident response plan that includes steps to quickly identify and mitigate an attack, as well as procedures for reporting the attack to law enforcement and communicating with customers and stakeholders.

TDoS protection services

serviceAnalysis and testing of telecommunication security

A) PBX IP interface test in grey-box mode. Simulation of various attacks on VoIP.

B) Configuration analysis in white-box mode. The report includes recommendations for addressing security vulnerabilities and configuration flaws.
serviceImplementation of call filtering and voice menu

Development and implementation of a system for recognising suspicious incoming calls based on Machine Learning. Building an Interactive Voice Response (IVR) where suspicious calls will be automatically redirected.
serviceImplementation of a fault-tolerant telecom platform

Development of a fault-tolerant platform with the use of several trunks to different telecom operators. Consultations on how to make arrangements with the operators so that they filter calls and put them in blocklists in addition to local protection.

Our experience

  1. More than 80 projects on security assessment and penetration testing of IP networks.
  2. Permanent delivery for the information security department of one of the leading national telecom operators.
  3. Testing various kinds of mobile VoIP clients.
  4. Testing of corporate IP-PBX phone systems.
  5. Penetration tests of IMS operators, including 4G, with signalling via SIM over IPv6 and with traditional GSM/SS7 signalling.
  6. Continuous cooperation with the cyber police and other government agencies.

Service summary

⏳ Duration of project

Several weeks to several months, depending on project scope and requirements.

🎁 Can it be free or have a testing period?

Free consultation and initial analysis of business requirements.

💼 What type of business needs it?

Telecommunications providers, financial institutions, healthcare providers, government agencies, and any organisation that transmits sensitive data.

💡 When is this service needed?

When you are facing new cyber threats or regulatory requirements, or want to ensure business continuity or the security of your communications and sensitive data.

📈 Your profit

Avoided costly fines for non-compliance, security breaches or downtime, which can result in financial losses and reputational damage.

⚙️ Our methods and tools

Encryption, firewalls, access control systems, penetration testing, IDS, IPS, VNP, SIEM, IVR, etc. 

📑 Deliverables

Security policies and procedures, risk assessments, training materials, incident response plans, implementation and testing reports, etc. 

Check out our additional services and business cases. Send the form below to request telecommunication protection services. Get a free consultation.



A TDoS (Telephony Denial of Service) attack is a type of cyber attack that is aimed at disrupting telecommunications services by overwhelming them with a flood of calls or messages. These attacks can cause significant damage to the targeted organization's reputation and finances, as well as interrupt vital communications. Here are some steps that can be taken to protect telecommunications from TDoS attacks:

Implement Traffic Analysis and Filtering: Traffic analysis can identify abnormal traffic and filtering can prevent malicious traffic from reaching the system. Deploying a Traffic Analysis System can help identify patterns of calls that are characteristic of TDoS attacks.

Deploy Anti-Spam Measures: Installing anti-spam measures such as anti-spam filters and IP blacklists can help filter out unwanted calls and messages that could be part of a TDoS attack.

Implement Rate Limiting: Rate limiting is a technique that limits the number of calls or messages that can be sent from a particular source. By implementing rate limiting on inbound calls or messages, you can prevent an attacker from overwhelming the system.

Monitor Network Traffic: It is important to monitor network traffic to detect any abnormal activity. By monitoring the traffic and analyzing it in real-time, you can detect TDoS attacks and take necessary actions to mitigate them.

Prepare an Emergency Response Plan: Having a well-prepared emergency response plan can help to reduce the damage caused by a TDoS attack.

Implement DDoS Protection: TDoS attacks can be seen as a type of DDoS attack, so implementing DDoS protection measures can help to mitigate TDoS attacks as well. DDoS protection systems can detect and block incoming attacks, while also allowing legitimate traffic to pass through.

IP-telephony is a popular technology that allows individuals and organizations to make phone calls over the internet. However, as with any technology, IP-telephony is not immune to security threats. Here are some steps that can be taken to make IP-telephony more secure:

Secure your Network: The first step to securing IP-telephony is to ensure that your network is secure. This includes implementing firewalls, intrusion detection systems, and other network security measures to prevent unauthorized access to your network.

Use Encryption: Encryption is an important tool for securing IP-telephony. By encrypting the data that is transmitted over the network, you can prevent eavesdropping and ensure the confidentiality of your conversations.

Implement Strong Authentication: Strong authentication is essential for preventing unauthorized access to your IP-telephony system. This can be achieved by implementing secure authentication protocols such as two-factor authentication or biometric authentication.

Regularly Update your Software: Regularly updating your IP-telephony software can help to prevent security vulnerabilities and ensure that your system is up-to-date with the latest security patches.

Monitor your Network: Monitoring your network can help you detect and respond to security threats in a timely manner. This can be achieved by implementing network monitoring tools that can detect suspicious activity and alert you to potential security threats.

Educate Users: Educating users on best practices for using IP-telephony can help to prevent security breaches. This includes training users on how to recognize and avoid phishing scams, how to create secure passwords, and how to report suspicious activity.

Here are some steps that can be taken to protect the telecommunications system from peak loads:

Scalability: Ensuring that your system is scalable is essential for handling peak loads. This means that the system should be able to handle an increase in demand without experiencing network congestion or service degradation. It is important to regularly assess and upgrade the system's capacity to handle peak loads.

Load Balancing: Load balancing is a technique that distributes the workload across multiple servers or network resources. By using load balancing, you can ensure that the workload is evenly distributed across the system, which can help to prevent network congestion and service degradation during peak loads.

Traffic Shaping: Traffic shaping is a technique that allows you to control the flow of traffic in your system. By using traffic shaping, you can prioritize critical traffic such as emergency calls or business-critical traffic, which can help to ensure that these types of traffic are not affected by peak loads.

Bandwidth Management: Bandwidth management is a technique that allows you to manage the amount of bandwidth that is allocated to different types of traffic. By using bandwidth management, you can allocate more bandwidth to critical traffic during peak loads, which can help to ensure that these types of traffic are not affected by network congestion.

Disaster Recovery Planning: Disaster recovery planning is essential for ensuring that your system can recover from unexpected events such as peak loads. By having a disaster recovery plan in place, you can ensure that your system can quickly recover from network congestion or service degradation.

Business cases of projects we completed

Audit of smart contracts and blockchain
Business Automation
Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases