New amplification techniques have been seen in the wild that allow for more powerful DDoS attacks.
The most extreme of these, TP240PhoneHome (CVE-2022-26143), abuses approximately 2,600 PBX-to-internet gateways whose system test facility is exposed to the public internet. Because the service is UDP-based and does not authenticate the caller, an attacker can spoof the victim's address in a single small request and have the gateway direct a large, sustained stream of traffic at the victim; the resulting amplification ratio is in the region of 4.3 billion to one. This amplification effect allows for far larger bandwidth-exhaustion attacks than would otherwise be possible with the attacker's own bandwidth.
Other techniques abuse content-filtering equipment (censorship middleboxes) owned by network providers. One of them spoofs a TCP request for blocked content so that the middlebox sends its block page to the victim; because the middlebox does not validate the TCP handshake, that notification can be thousands of times larger than the initial request. Another exhausts resources by tricking the devices into holding open TCP connections, of which each device can track only a limited number.
A DDoS attack can exhaust the bandwidth available to a service and prevent legitimate traffic from getting through.
Affected products are Mitel MiCollab and MiVoice Business Express collaboration systems.
The abusable Mitel service listens on UDP/10074 and is not designed to be exposed to the internet.
Containment, Mitigations & Remediations
For victims, standard DDoS-defence techniques are effective: upstream filtering or scrubbing, and rate-limiting or dropping inbound UDP traffic with source port 10074, which legitimate internet traffic should not carry. Operators of the affected Mitel systems should apply Mitel's security update and ensure UDP/10074 is not reachable from the internet (block it at the perimeter firewall), so that their gateways cannot be used as reflectors.
Indicators of Compromise
A denial-of-service attack does not compromise the target, so there are no indicators of compromise as such. Indicators of an attack can manifest at any of the levels of the OSI model, but are most commonly:
– Excessive network traffic
– Excessive memory or processor utilisation
– System resource exhaustion
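The excessive-traffic indicator above is most useful when it is tied to the shape of reflection-amplification traffic: many distinct reflectors all answering from the same service port (UDP/10074 for TP240PhoneHome) to one victim, with no corresponding requests from the victim. The following is an added example, not code from the original advisory, that applies that heuristic to constructed NetFlow-like records. The field names, the thresholds and the sample addresses (documentation ranges) are assumptions for illustration.

```python
from collections import defaultdict

# Reflector services commonly abused for UDP reflection/amplification.
# TP240PhoneHome (CVE-2022-26143) reflects from UDP source port 10074.
KNOWN_REFLECTOR_PORTS = {
    10074: "Mitel TP240 (CVE-2022-26143)",
    53: "DNS",
    123: "NTP",
    389: "CLDAP",
    1900: "SSDP",
    11211: "memcached",
}


def find_reflection_attacks(flows, min_sources=10, min_bytes=10_000_000,
                            max_request_ratio=0.01):
    """Group inbound UDP flows by (victim, source port) and flag groups that
    look reflected: many distinct reflectors answering from one service port,
    a large volume, and almost nothing sent by the victim to those reflectors
    (the attacker spoofed the requests, so the victim never asked).

    flows: iterable of dicts with keys proto, src, sport, dst, dport, bytes
    (assumed field names; adapt to your collector's schema).
    Returns {(victim, sport): summary} for each suspected attack.
    """
    inbound = defaultdict(lambda: {"sources": set(), "bytes": 0})
    outbound = defaultdict(int)  # (sender, receiver, dport) -> bytes sent
    for f in flows:
        if f["proto"] != "udp":
            continue
        agg = inbound[(f["dst"], f["sport"])]
        agg["sources"].add(f["src"])
        agg["bytes"] += f["bytes"]
        outbound[(f["src"], f["dst"], f["dport"])] += f["bytes"]

    suspects = {}
    for (victim, sport), agg in inbound.items():
        if len(agg["sources"]) < min_sources or agg["bytes"] < min_bytes:
            continue
        # Bytes the victim itself sent to these sources on that port.
        requested = sum(outbound.get((victim, s, sport), 0)
                        for s in agg["sources"])
        if requested / agg["bytes"] > max_request_ratio:
            continue  # the victim asked for this volume; not reflection
        suspects[(victim, sport)] = {
            "service": KNOWN_REFLECTOR_PORTS.get(sport, "unknown UDP service"),
            "sources": len(agg["sources"]),
            "bytes_in": agg["bytes"],
            "bytes_requested": requested,
        }
    return suspects


VICTIM = "203.0.113.10"

# Constructed sample records (NetFlow-like), not captured data.
SAMPLE_FLOWS = [
    # 20 exposed TP240 gateways reflecting toward the victim from UDP/10074.
    *({"proto": "udp", "src": f"198.51.100.{i}", "sport": 10074,
       "dst": VICTIM, "dport": 40000 + i, "bytes": 1_500_000}
      for i in range(1, 21)),
    # Normal DNS: the victim asked and received a modestly larger answer.
    {"proto": "udp", "src": VICTIM, "sport": 51234,
     "dst": "192.0.2.53", "dport": 53, "bytes": 80},
    {"proto": "udp", "src": "192.0.2.53", "sport": 53,
     "dst": VICTIM, "dport": 51234, "bytes": 300},
    # A large legitimate TCP download is outside the UDP heuristic.
    {"proto": "tcp", "src": "192.0.2.80", "sport": 443,
     "dst": VICTIM, "dport": 50000, "bytes": 50_000_000},
]

if __name__ == "__main__":
    for (victim, sport), info in find_reflection_attacks(SAMPLE_FLOWS).items():
        print(f"{victim} <- UDP/{sport} ({info['service']}): "
              f"{info['sources']} reflectors, {info['bytes_in']} bytes in, "
              f"{info['bytes_requested']} bytes requested")
```

The request-ratio check is what separates reflection from a busy but legitimate service: a host that really polled twenty NTP servers will show its own outbound requests, whereas a reflection victim shows none. Once a (victim, source port) pair is flagged, the same tuple is what an upstream provider can filter on.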
DDoS attacks have been used heavily in Ukraine recently.
T1498.002 – Network Denial of Service: Reflection Amplification