Researchers from Arctic Wolf Labs say that the Lorenz ransomware group exploited a remote code execution vulnerability in Mitel MiVoice Connect to gain initial access to systems. The intruders then waited almost a month before exfiltrating data and encrypting systems. Mitel released an update for MiVoice Connect to address the flaw in July.
Note
- IoT attacks are often considered “nuisance” attacks by bots like Mirai. But among the immense noise created by these bots, we do have more sophisticated attacks that use vulnerable devices like these VoIP systems as a steppingstone to enter otherwise reasonably well-protected networks. Reminds me to finally put my automated cat feeder into the IoT VLAN.
- Remember your VoIP system is a computer and needs to be kept updated, securely configured, and monitored for unexpected activity. Take that a step further: consider almost every system we use today as a computer which needs to be kept secured, ideally asking for that activity to be incorporated into the deployment plan, which may then trigger needs for added cyber resources.
