DDoS
Overview
New amplification techniques have been seen in the wild which would allow for more powerful DDoS attacks.
The most extreme of these, TP240PhoneHome (CVE-2022-26143), comes from approximately 2,600 PBX-to-internet gateways with an abusable system test facility exposed to the public internet. This would allow an attacker to flood a victim with a large amount of network traffic by sending a single small request. This amplification effect allows for much larger bandwidth exhaustion attacks than would be possible otherwise.
Other techniques abuse content-filtering equipment owned by network providers. One technique makes the equipment generate censorship notifications thousands of times larger than the request that triggers them. Another exhausts resources by tricking the equipment into holding open TCP connections, of which only a limited number are available.
Impact
A DDoS attack can exhaust the bandwidth available to a service and prevent legitimate traffic from getting through.
Vulnerability Detection
The Mitel service runs on UDP/10074 and is not designed to be exposed to the internet.
Affected Products
Mitel MiCollab and MiVoice Business Express collaboration systems
Containment, Mitigations & Remediations
Standard DDoS-defense techniques are effective.
Indicators of Compromise
There are no indicators of compromise associated with a denial-of-service attack, since the target is not compromised. Indicators of an attack can manifest at any layer of the OSI model, but are most commonly:
– Excessive network traffic
– Excessive memory or processor utilisation
– System resource exhaustion
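The detection note above gives the service port (UDP/10074) and the indicator list gives the symptom (excessive network traffic). The following is an added example, not code from the advisory or from Mitel, that ties the two together: it reads constructed flow records and flags destinations receiving UDP traffic sourced from port 10074 by many distinct hosts, the pattern a victim of reflection amplification sees. The log format, addresses and thresholds are assumptions.

```python
# Added example (not from the advisory): flag inbound UDP flows sourced from
# port 10074 (the Mitel TP240 test facility) that arrive from many distinct
# hosts toward one destination, consistent with reflection amplification.
from collections import defaultdict

TP240_PORT = 10074

# Constructed flow records: "proto src_ip:src_port dst_ip:dst_port bytes packets"
SAMPLE_FLOWS = """\
udp 198.51.100.10:10074 203.0.113.5:443 1400000 1000
udp 198.51.100.11:10074 203.0.113.5:443 1350000 980
udp 198.51.100.12:10074 203.0.113.5:443 1420000 1010
udp 198.51.100.13:10074 203.0.113.6:53 1380000 990
udp 192.0.2.7:53 203.0.113.9:41212 512 4
tcp 192.0.2.8:443 203.0.113.5:50000 80000 60
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, nbytes, npkts = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append({"proto": proto, "src_ip": src_ip, "src_port": int(src_port),
                      "dst_ip": dst_ip, "dst_port": int(dst_port),
                      "bytes": int(nbytes), "packets": int(npkts)})
    return flows

def detect_tp240_reflection(flows, min_reflectors=3, min_bytes=1_000_000):
    """Group UDP flows sourced from port 10074 by destination; report destinations
    hit by >= min_reflectors distinct sources carrying >= min_bytes in total."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] != TP240_PORT:
            continue
        entry = per_dst[f["dst_ip"]]
        entry["reflectors"].add(f["src_ip"])
        entry["bytes"] += f["bytes"]
        entry["packets"] += f["packets"]
    alerts = {}
    for dst, e in per_dst.items():
        if len(e["reflectors"]) >= min_reflectors and e["bytes"] >= min_bytes:
            alerts[dst] = {"reflector_count": len(e["reflectors"]),
                           "bytes": e["bytes"], "packets": e["packets"],
                           "avg_packet_bytes": e["bytes"] // e["packets"]}
    return alerts
```

In the sample data only 203.0.113.5 is flagged; 203.0.113.6 receives a single 10074-sourced flow and stays below the reflector threshold.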
Threat Landscape
DDoS attacks have been used heavily in Ukraine recently.
Mitre Methodologies
T1498 – Network Denial of Service: Reflection Amplification
Further Information
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
CVE-2022-26143: A Zero-Day vulnerability for launching UDP amplification DDoS attacks