Ransomware attackers are abusing VoIP software to breach organizations

Ransomware attackers are abusing flaws in VoIP software to breach organizations and achieve initial access, researchers are warning.

Cybersecurity experts from Arctic Wolf Labs are warning about CVE-2022-29499, a remote code execution vulnerability in Mitel MiVoice VoIP appliances, used by the Lorenz threat actor to attack certain companies.

The researchers didn't name any specific firms being targeted, but explained: "Initial malicious activity comes from a Mitel appliance sitting on the network perimeter. Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance element of MiVoice Connect, to secure a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment."

Issues patched

If the attackers are looking for vulnerable Mitel VoIP products, they seemingly have plenty of firms to choose from, as the devices are used by organizations in critical sectors worldwide.

Mitel issued a patch for this vulnerability in early June 2022, which means threat actors are going after firms that aren't diligent about keeping their systems updated.

Should Lorenz successfully breach a target network, it'll try to install the BitLocker ransomware onto the affected endpoints, the researchers further warned.

To stay safe, they recommend firms upgrade to MiVoice Connect Version R19.3, scan external appliances and web applications, avoid exposing critical assets directly to the internet, configure PowerShell logging, configure off-site logging, create backups, and do their best to limit the blast radius of potential attacks.

Lorenz has previously been referred to as ThunderCrypt, researchers confirmed, also saying that it's been active since at least December 2020. The group often goes after high-profile targets, and its ransom demands are in the thousands of dollars.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on article writing for Represent Communications.
