If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a huge, and potentially devastating, attack.
The attack vector is unique in that it leverages a previously unused asset and represents a shift in how cyberpugilists are changing tactics to achieve their mission. PBX systems are making a big comeback, and for the 70 million business users out there, this can represent a substantial threat even if it “only” generates 393 megabits per second from a single compromised node. For security researchers, distributed denial-of-service (DDoS) vendors, security practitioners, and developers who deal with DDoS, this is cool. For the enterprises with the compromised systems, not so much.
What To Do About It
This type of attack (reflection off Mitel systems over UDP/10074) is specific to the Mitel MiCollab platform and is already mitigated by most providers, so it’s new (and it’s news), but it is not necessarily something you need to drop everything for. Mitel has released a patch to remediate the underlying vulnerability, and if you currently have DDoS protection capabilities, you can repel this type of attack without breaking a sweat.
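As an added illustration of what “amplification factor” means on the wire, and of the kind of check a defender can run over flow records, the script below computes bytes returned per byte sent for UDP flows involving the port named on this page (10074) and flags pairs above a threshold. It is not Forrester’s or Mitel’s code; the flow records are constructed sample data and the alert threshold is a hypothetical value.

```python
"""Flag amplified UDP reflection in a constructed flow sample.

A reflector returns far more bytes than it receives; the amplification
factor is bytes returned divided by bytes sent in. The page names
UDP/10074 as the reflected service, so flows with that source port are
the ones inspected here. All records below are constructed, not captured.
"""
from collections import defaultdict

MITEL_PORT = 10074   # UDP port named on the page
AMP_ALERT = 10.0     # hypothetical alert threshold (bytes out / bytes in)

# constructed NetFlow-style records:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
SAMPLE_FLOWS = [
    ("203.0.113.5", 10074, "198.51.100.9", 40000, "udp", 1_470_000, 1000),  # reflector -> victim
    ("198.51.100.9", 40000, "203.0.113.5", 10074, "udp", 60, 1),           # spoofed trigger
    ("203.0.113.5", 10074, "198.51.100.77", 5060, "udp", 600, 2),          # ordinary reply
    ("198.51.100.77", 5060, "203.0.113.5", 10074, "udp", 400, 2),          # ordinary request
    ("203.0.113.5", 53, "198.51.100.9", 3333, "udp", 900, 3),              # unrelated service
]


def amplification_by_pair(flows, port=MITEL_PORT):
    """Return {(reflector, receiver): (bytes_out, bytes_in, factor)} for UDP `port`."""
    out_bytes = defaultdict(int)  # bytes the service sent to each receiver
    in_bytes = defaultdict(int)   # bytes each receiver (or a spoofer) sent to it
    for src, sport, dst, dport, proto, nbytes, _pkts in flows:
        if proto != "udp":
            continue
        if sport == port:
            out_bytes[(src, dst)] += nbytes
        elif dport == port:
            in_bytes[(dst, src)] += nbytes
    result = {}
    for pair, outb in out_bytes.items():
        inb = in_bytes.get(pair, 0)
        # No inbound bytes at all is the extreme case: report it as infinite.
        factor = outb / inb if inb else float("inf")
        result[pair] = (outb, inb, factor)
    return result


def suspected_reflections(flows, threshold=AMP_ALERT):
    """Reflector/receiver pairs whose amplification factor meets the threshold."""
    stats = amplification_by_pair(flows)
    return sorted(pair for pair, (_o, _i, f) in stats.items() if f >= threshold)
```

Feeding real flow exports through the same logic shows which hosts are being used as reflectors and which destinations are receiving the amplified traffic, which is the evidence a provider needs to rate-limit or block the port.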
What It Means In The Long Term
Reflection attacks are on the rise, and so are nonconventional DDoS attacks. Nefarious operators are exploring alternative methods of attack that fall outside what were previously thought to be well-defended vectors. These are not just used by kids on Twitch or Steam; they are being leveraged by hostile organizations and state-sponsored attackers as well. With that being said, your organization needs to take steps to ensure that DDoS attacks can be effectively defended against, whether you utilize an ISP DDoS provider or you have an on-premises, dedicated appliance. Ensure that your DDoS mitigation strategy, or vendor, can quickly respond to novel attack methodologies and has the ability to rapidly protect against zero-day threats such as this amplification attack. Please review The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021, for recommended vendors, and feel free to set up an inquiry with me for further discussion.