Mitel MiCollab and MiVoice Business Express Applications Exploited for DDoS Amplification Attacks

In a recent Cloudflare blogpost, security researchers from multiple companies warn of a new DDoS attack method they have named TP240PhoneHome. This method utilizes vulnerable versions of the Mitel MiCollab and MiVoice Business Express communications systems, which are largely employed by government and private sector organizations. The TP240PhoneHome method was first observed utilized for DDoS attacks on February 18. While tens of thousands of these systems have been sold, researchers state they have discovered only 2,600 of the systems are exposed to the internet and vulnerable to the exploit. However, those vulnerable systems enable the potential for record-setting DDoS amplification attacks. Likewise, according to the vendor, a remote, unauthenticated attacker could also exploit the vulnerability to gain access to sensitive information and possibly execute arbitrary code. Read more at Cloudflare and MITRE.