  • Ransomware Hacker Spotted Using Zero-Day Exploit on Business Phone VoIP Device

    aum


    The incident underscores how ransomware hackers now seem to have more resources to uncover previously unknown software vulnerabilities to attack targets.

     

    To spread ransomware to a company, a hacker resorted to using a previously unknown vulnerability in a business phone VoIP device.


    The finding comes from the security firm CrowdStrike. On Thursday, the company wrote a blog post about a suspected ransomware intrusion against an unnamed customer.


    Ransomware attacks often occur through phishing emails or poorly secured computers. But in this case, the hacker had enough know-how to uncover a new vulnerability in a Linux-based VoIP appliance from the business phone provider Mitel.


    The resulting zero-day exploit allowed the hacker to break into the company’s network through a VoIP device, which had limited security safeguards onboard. The attack was designed to essentially hijack the Linux-based VoIP appliance so that the hacker could infiltrate other parts of the network.


    Fortunately, CrowdStrike was able to detect the hacker’s presence due to its security software spotting the unusual activity over the victim’s network. The company also reported the previously unknown vulnerability to Mitel, which supplied a patch to affected customers back in April.


    Still, the incident underscores the growing concern that ransomware groups will use zero-day exploits to attack more victims. Earlier this month, NSA Director of Cybersecurity Rob Joyce said some ransomware gangs are now rich enough to buy zero-day exploits from underground dealers or fund research into uncovering new software vulnerabilities.


    CrowdStrike added: “When threat actors exploit an undocumented vulnerability, timely patching becomes irrelevant. That’s why it’s crucial to have multiple layers of defense.” To stay protected, companies should ensure perimeter devices, such as business VoIP appliances, remain isolated from their network’s most critical assets, the security firm said.

     

    Companies that use Mitel's MiVoice Connect product should also implement the patch as soon as possible to prevent further exploitation.

     

    Source

     

    Also:  Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack.
