Some attackers have taken to using a new phone bot for the Discord chat and voice app to send large numbers of harassing and nuisance calls to individual victims, retailers, and even law enforcement agencies.
Known as Phonecord, the bot is being used in a number of different ways. But unlike most other phone-based campaigns, the attackers behind these aren’t out to make money off their calls. Instead, they’re using the calls as a way to harass and annoy their targets. Analysts at Flashpoint have been tracking these campaigns recently, and say that the actors behind them are taking advantage of Discord’s ease of use and Phonecord’s features to go after a variety of targets.
“Although telephone bots in and of themselves are nothing new, Phonecord is relatively unique because it utilizes the social and communication application Discord, which enables users to make international calls directly and easily from the app’s voice chat functionality. And because those seeking to use the Phonecord bot have the option to pay for the service in Bitcoin, most users remain relatively anonymous,” David Shear of Flashpoint said in a post analyzing the campaigns.
“While Discord has long been popular among the gaming community, the app’s ease of use and ability to withstand distributed denial-of-service (DDoS) attacks has given rise to its heavy usage among cyber threat actor communities.”
Shear said the actors using Phonecord have targeted both the FBI and the UK’s National Crime Agency and also have used the bot to pull pranks, such as having dozens of pizzas delivered to a victim’s house. Phone bots have been around for many years, and have been used for any number of different things. Some are used for robocalls and others are used for phone fraud schemes. There’s even an anti-bot bot called Jolly Roger that is designed to combat other phone bots by putting them into a black hole of nonsensical conversations.
The campaigns that Flashpoint has been following probably will keep going, Shear said.
“Flashpoint analysts assess with high confidence that threat actors will likely continue to use the Phonecord bot to carry out harassment campaigns against various individuals and organizations unless the administrators of the service institute additional controls and countermeasures,” he said.
Image: Dan Wiedbruck, CC By-nd license.