Attackers are using a new DDoS reflection/amplification method that provides a record amplification ratio of almost 4.3 billion to 1.
Distributed denial-of-service (DDoS) attacks target servers or networks by sending a large number of requests and large amounts of data, seeking to exhaust available resources and cause service outages. The amplification factor is crucial when conducting such attacks: the higher it is, the easier it is for attackers to overwhelm well-protected endpoints with less power.
According to experts from Akamai, the new attack vector relies on vulnerable devices that serve as DDoS reflectors/amplifiers. Attacks begin with a small packet reflected inside a closed network, the size of which increases with each “bounce”. Once the possible upper limit is reached, the resulting traffic volume is directed at the target.
To carry out the new type of DDoS attack, attackers exploit a vulnerability (CVE-2022-26143) in the driver of Mitel devices that include the TP-240 VoIP interface, such as MiVoice Business Express and MiCollab. The driver contains a traffic generation command intended for stress testing of clients, which is used for debugging and performance testing.
By abusing this command, attackers can generate massive network traffic from these devices. Unfortunately, this is possible because the command is enabled by default.
Experts found about 2.6 thousand vulnerable Mitel devices on the Internet.
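For operators of such devices, abuse as a reflector shows up in flow data as a tiny inbound volume paired with a very large outbound volume toward the same peer. The sketch below is an added example, not code from Akamai or Mitel: the flow-record layout, the addresses, the UDP-only filter and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic).
# Fields: device_ip, peer_ip, protocol, direction relative to the device, bytes
SAMPLE_FLOWS = [
    ("10.0.5.20", "198.51.100.7", "udp", "in", 1_200),
    ("10.0.5.20", "198.51.100.7", "udp", "out", 1_150),      # normal, symmetric
    ("10.0.5.31", "203.0.113.9", "udp", "in", 60),
    ("10.0.5.31", "203.0.113.9", "udp", "out", 90_000_000),  # tiny in, huge out
    ("10.0.5.31", "192.0.2.44", "udp", "in", 400),
    ("10.0.5.31", "192.0.2.44", "udp", "out", 380),
    ("10.0.5.40", "203.0.113.50", "tcp", "out", 50_000_000), # not UDP: skipped
    ("10.0.5.41", "203.0.113.9", "udp", "out", 5_000_000),   # no inbound sampled
]

RATIO_THRESHOLD = 100.0    # assumed: outbound/inbound byte ratio worth alerting on
MIN_OUT_BYTES = 1_000_000  # assumed: ignore low-volume pairs to cut noise


def find_reflectors(flows, ratio_threshold=RATIO_THRESHOLD,
                    min_out_bytes=MIN_OUT_BYTES):
    """Return (device, peer) pairs whose UDP traffic looks amplified."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for device, peer, proto, direction, nbytes in flows:
        if proto != "udp":  # this example only considers UDP flows
            continue
        totals[(device, peer)][direction] += nbytes

    findings = []
    for (device, peer), t in totals.items():
        if t["out"] < min_out_bytes:
            continue
        # With sampled flows the small trigger packet may be missing entirely;
        # treat that as an unbounded ratio instead of dividing by zero.
        ratio = t["out"] / t["in"] if t["in"] else float("inf")
        if ratio >= ratio_threshold:
            findings.append({"device": device, "peer": peer,
                             "in_bytes": t["in"], "out_bytes": t["out"],
                             "ratio": ratio})
    # Largest outbound volume first: those devices hurt the target most.
    findings.sort(key=lambda f: f["out_bytes"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in find_reflectors(SAMPLE_FLOWS):
        print(f"{f['device']} -> {f['peer']}: {f['out_bytes']} B out, "
              f"{f['in_bytes']} B in, ratio {f['ratio']:.0f}")
```

The peer in each finding is the likely target of the reflected traffic, and the device is the one to take off the Internet or patch.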