We wanted to provide some insight into what is occurring in the Telecom industry these past few days. Since Saturday, September, 25, 2021, a hacking organization has been performing a coordinated DDoS attack (What is a DDos Attack?) against a Tier1 Telecom Provider, Bandwidth.com. Bandwidth.com is a Public Traded company and is a Communications Platform as a Service (CPaaS) company. They sell software application programming interfaces (or APIs) for voice and messaging, using their own IP voice network. As a Tier 1 provider their services are used by more than 40% of Telecom providers including Microsoft, Google, Zoom, Verizon, Charter Communications, GoToConnect, Ring Central, 8x8, and many others.
As of now, there is no official communication on which hacking group is responsible for these coordinated attacks over the past few days, but through secondhand information, it is being reported that it is being organized by REvil. If you haven’t heard of REvil, they have been responsible for the following recent major hacking attacks:
As you can see from the above list, REvil is a highly sophisticated hacking organization and is going after a new major piece of our infrastructure, our Telecom backbone. You can find some of the news articles below:
In the IT industry, we are very surprised by how little national news attention this attack has gotten to this point. We are not sure how this has avoided the attention, especially since this type of attack to a 911 Center Provider, had to be reported to the FCC within 4 hours.
Currently, there is chatter by employees of Bandwidth.com that REvil is using these DDoS attacks as a new form of extortion. They are demanding a ransom be paid or they will continue these DDoS attacks against Bandwidth.com, which they are primarily running during peak hours of business from 9 AM – 6 PM EST. This lines up with the recent attack that REvil had against a VOIP provider, Voip.ms, where they demanded a 4.5 million dollar ransom to stop the DDoS attack against them. As much as we may be thinking that Bandwidth.com pay the ransom to get this ended, the government has made it illegal to pay terrorist organizations, which REvil is listed as, and paying them DOES NOT mean they will stop. It will only empower them further to continue this action.
There are many of the smartest security, network, and infrastructure engineers working along with Bandwidth.com to mitigate the effects of the DDos Attack and get an end to this. However, during these attacks you may notice some of the following, no matter which phone provider you use (VoIP, Landline, Cellular):
The various providers have been working on mitigation techniques to limit the effect of Bandwidth.com from pulling down their whole network, but unfortunately, that is not always possible. You can find a Blog Post by GoToConnect on this issue at
As of 7:15 AM this morning, Bandwidth.com is listing that everything is stable on their status page, which can be found at https://status.bandwidth.com, however, over the past few days, we see the attacks begin around 9 AM. We are hoping that these attacks do not continue today or that Bandwidth.com has put further tools in place to limit their affect, but if not, it may be possible to have poor services these morning and afternoon once again.
Should you have poor or no phone communication, we recommend you do the following to stay connected with your clients:
As always, we are here to help and answer any questions that you may have. Should you be unable to reach us by phone, you can always contact us by sending a support ticket to firstname.lastname@example.org.