Ransomware attackers are abusing VoIP software to breach organizations

By Scott Marlette Last updated Sep 13, 2022

Ransomware attackers are abusing flaws in VoIP software to breach organizations and achieve initial access, researchers are warning.

Cybersecurity experts from Arctic Wolf Labs are warning about CVE-2022-29499, a remote code execution vulnerability found in Mitel MiVoice VOIP (opens in new tab) appliances, being used by the Lorenz threat actor to attack certain companies.

he researchers did not name any specific firms being targeted, but explained, “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” they explain. “Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment.”

Issues patched

If the hackers are hunting for vulnerable Mitel VoIP products, then they seemingly have plenty of firms to choose from, with the devices used by organizations in critical sectors worldwide.

Mitel issued a patch for this vulnerability in early June 2022, which means threat actors are now after those firms who aren’t that diligent when it comes to keeping their systems up to date.

Should Lorenz successfully breach a target network, it will attempt to install the BitLocker ransomware (opens in new tab) onto the affected endpoints, the researchers further warned.

To keep safe, they recommend firms upgrade to MiVoice Connect Version R19.3, scan external appliances and web applications, do not expose critical assets directly to the internet, configure PowerShell logging, configure off-site logging, set up backups, and try their best to limit the blast radius of potential attacks.

Lorenz has previously been known as ThunderCrypt, researchers confirmed, also saying that it’s been active since at least December 2020. They usually go after high-profile targets, and their ransom demands are in hundreds of thousands of dollars.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.