Security News > 2022 > March > Mitel VoIP systems used in staggering DDoS attacks
Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems.
"This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.
"A controlled test of this DDoS attack vector yielded more than 400 Mpps of sustained DDoS attack traffic."
Cybersecurity organizations saw spikes of network traffic linked to the vulnerability on January 8 and February 7; the first actual attacks started February 18.
If one of the systems is being used in a DDoS over a particular time, it can't be used for other attacks during that period.
Microsoft, for one, in recent months has fended off two massive attacks against its Azure cloud, with company officials pointing to the rise of inexpensive DDoS services that enable inexperienced threat actors to launch them.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/10/mitel_amplification_ddos_attack/
Related news
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (source)
- Recently patched CUPS flaw can be used to amplify DDoS attacks (source)
- Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (source)
- Largest Recorded DDoS Attack is 3.8 Tbps (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks (source)