Security News > 2022 > March > Mitel VoIP systems used in staggering DDoS attacks

Mitel VoIP systems used in staggering DDoS attacks
2022-03-10 12:28

Miscreants have launched massive, amplified distributed denial-of-service attacks by exploiting a vulnerability in Mitel collaboration systems.

"This particular attack vector differs from most UDP reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the task force added.

"A controlled test of this DDoS attack vector yielded more than 400 Mpps of sustained DDoS attack traffic."

Cybersecurity organizations saw spikes of network traffic linked to the vulnerability on January 8 and February 7; the first actual attacks started February 18.

If one of the systems is being used in a DDoS over a particular time, it can't be used for other attacks during that period.

Microsoft, for one, in recent months has fended off two massive attacks against its Azure cloud, with company officials pointing to the rise of inexpensive DDoS services that enable inexperienced threat actors to launch them.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/10/mitel_amplification_ddos_attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mitel 60 2 51 27 29 109