“TNT” gang has released a new hardware TDoS tool in the criminal underground

Telephone DDoS attacks are on the rise, and the criminal group known as the “TNT” gang has released a new hardware tool in the underground ecosystem.

The IntelCrawler cyber threat intelligence company has discovered a new advanced tool, dubbed ‘TNT Instant Up’, for Telephone Denial of Service (TDoS) attacks. TDoS is a common practice in the criminal underground; it consists of flooding a targeted system with unwanted, malicious inbound calls.

The calls usually target a contact center or another part of an enterprise that depends heavily on voice service. Examples are financial contact centers, Intensive Care Units (ICUs) and emergency rooms in hospitals, and public services such as 911. The intent of the attacker is disruption or financial gain through extortion.

The bad actors use these tools for online-banking fraud or targeted cyber attacks against banking customer services; the intent is to prevent their systems from receiving legitimate calls.

Last summer, the FBI reported that hackers ran several TDoS attacks against companies operating in the Healthcare and Public Health Sector. At least one instance has been reported where the 9-1-1 Public Safety Access Point (PSAP) was disabled.

In 2013, law enforcement issued a warning to emergency services call centers to be wary of telephony denial-of-service (TDoS) attacks. Unfortunately, the bad actors interested in TDoS tools are varied: such tools could be used as part of attacks and scams organized by criminal groups, hacktivists and state-sponsored hackers.

The new TDoS tool was designed by a criminal crew from Eastern Europe called “TNT”; the tool was presented several days ago (February 18th 2015) in underground communities.

The “TNT Instant Up” tool is dedicated hardware that crooks could use to run TDoS attacks; it consists of up to 12 connected Wireless USB 3G/4G modems. The TDoS tool runs special software that allows attackers to hammer victims with continuous calls from inserted unlocked SIM-cards (GSM flood).

“The tool, called ‘TNT Instant Up’, is designed as a special hardware platform, consisting of several connected Wireless USB 3G/4G modems (up to 12 devices). Special software allows the tool to perform continuous calls from inserted unlocked SIM-cards (GSM flood) and leverages various SIP providers (SIP flood), loyal to such kind of harmful activity,” states the blog post published by IntelCrawler.

The TNT Instant Up tool supports Caller ID spoofing and includes a special “Service 500 Error” bypass, using multiple call forwarding. In a video PoC that is circulating among the underground communities, the TNT group shows TDoS attacks against several demo victims; the TNT Instant Up allows them to conduct a high volume of calls from spoofed or anonymous numbers.
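
Because the calls arrive from spoofed or withheld numbers, counting calls per caller does not reveal the flood; the aggregate has to be measured per called number. The following detector is an added example, not code from IntelCrawler or from the original article; the record layout, the thresholds and the sample call detail records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def detect_floods(cdrs, window=60, max_calls=20, short_call=5, short_ratio=0.8):
    """Flag called numbers that receive a burst of mostly short inbound calls.

    cdrs: iterable of (epoch_seconds, caller_id, called_number, duration_seconds);
    an empty caller_id means the number was withheld. Thresholds are assumed
    values and must be tuned against the normal load of each line.
    """
    recent = defaultdict(deque)   # called number -> calls inside the window
    alerts = {}
    for ts, caller, called, dur in sorted(cdrs):
        q = recent[called]
        q.append((ts, caller, dur))
        while q[0][0] <= ts - window:       # expire calls older than the window
            q.popleft()
        if called in alerts or len(q) < max_calls:
            continue
        short = sum(1 for _, _, d in q if d <= short_call)
        if short / len(q) < short_ratio:    # busy line with real conversations
            continue
        per_caller = Counter(c for _, c, _ in q if c)
        alerts[called] = {
            "first_seen": q[0][0],
            "calls": len(q),
            "distinct_callers": len(per_caller),
            "anonymous": sum(1 for _, c, _ in q if not c),
            # With spoofed caller IDs this stays tiny, so per-caller limits miss it.
            "max_per_caller": max(per_caller.values(), default=0),
        }
    return alerts

def sample_cdrs():
    """Constructed call detail records (fictional numbers), not real traffic."""
    cdrs = []
    for i in range(30):   # flood: one 2-second call per second, caller ID rotates
        caller = "" if i % 3 == 0 else f"+1555020{i:02d}"
        cdrs.append((1000 + i, caller, "+15550199", 2))
    for i in range(25):   # busy but legitimate line: long conversations
        cdrs.append((1000 + 2 * i, f"+1555030{i:02d}", "+15550150", 180))
    for i in range(5):    # quiet line, one repeat caller
        cdrs.append((1000 + 10 * i, "+15550400", "+15550100", 90))
    return cdrs

if __name__ == "__main__":
    for number, info in detect_floods(sample_cdrs()).items():
        print(number, info)
```

The busy line with long conversations exceeds the call-count threshold but is not flagged, which is why the short-call ratio is checked alongside volume.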

The price of the TNT Instant Up tool ranges between $560 USD and $1200 USD, depending on the options and software provided by the hackers.

I have contacted experts at IntelCrawler to have more info on TDoS tools and their evolution:

Q: How can this tool be used for online-banking fraud?

A: “This new tool compromises the text messaging systems to our smart phones,” states Andrew Komarov, President and Chief Intelligence Officer of IntelCrawler. “Banking texts of alerts or authorizations may not get through, allowing cyber criminals more time and opportunity to commit fraud.”

Q: What is new in this tool?

A: The tool developed by “TNT” allows performing TDoS against multiple targets simultaneously, supporting up to 50 victims and more from 12 connected devices.
The combination of GSM and SIP flood from multiple sources may significantly increase the level of attack. Traditionally, the bad actors used Skype-based flooders, but it absolutely depends on the number of Skype accounts with credits.

As expected, the group also offers professional TDoS services for hire, implementing the sales model known as attack-as-a-service.

(Security Affairs – TDoS, cybercrime)

Pierluigi Paganini
