Ransomware attackers are abusing VoIP software to breach organizations
Date:
Tue, 13 Sep 2022 09:33:13 +0000
Description:
Unpatched Mitel MiVoice VOIP appliances are being hunted by the Lorenz ransomware operators.
FULL STORY ======================================================================
Ransomware attackers are abusing flaws in VoIP software to breach organizations and achieve initial access, researchers are warning.
Cybersecurity experts from Arctic Wolf Labs are warning about CVE-2022-29499, a remote code execution vulnerability found in Mitel MiVoice VOIP appliances, being used by the Lorenz threat actor to attack certain companies.
he researchers did not name any specific firms being targeted, but explained, "Initial malicious activity originated from a Mitel appliance sitting on the network perimeter," they explain. Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment." Issues patched
If the hackers are hunting for vulnerable Mitel VoIP products, then they seemingly have plenty of firms to choose from, with the devices used by organizations in critical sectors worldwide.
Mitel issued a patch for this vulnerability in early June 2022, which means threat actors are now after those firms who arent that diligent when it comes to keeping their systems up to date.
Should Lorenz successfully breach a target network, it will attempt to
install the BitLocker ransomware onto the affected endpoints, the researchers further warned. Read more
Ransomware gangs using clever new technique to dance past security
protections
Microsoft sounds the alarm over dangerously simple ransomware kits
These are the best antivirus tools around
To keep safe, they recommend firms upgrade to MiVoice Connect Version R19.3, scan external appliances and web applications, do not expose critical assets directly to the internet, configure PowerShell logging, configure off-site logging, set up backups, and try their best to limit the blast radius of potential attacks.
Lorenz has previously been known as ThunderCrypt, researchers confirmed, also saying that its been active since at least December 2020. They usually go after high-profile targets, and their ransom demands are in hundreds of thousands of dollars. Here's our rundown of the best malware removal tools right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/ransomware-attackers-are-abusing-voip-software- to-breach-organizations/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)