Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1.
The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations.
“Approximately 2,600 Mitel MiCollab and MiVoice Business Express collaboration systems acting as PBX-to-Internet gateways were incorrectly deployed with an abusable system test facility exposed to the public Internet,” Akamai researcher Chad Seaman said in a joint advisory.
“Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second (PPS).”
DDoS reflection attacks typically involve spoofing the IP address of a victim to redirect responses from a target such as DNS, NTP, or CLDAP server in such a manner that the replies sent to the spoofed sender are much bigger than the requests, leading to complete inaccessibility of the service.
images from Hacker News