To deploy ransomware inside a company's network, an attacker used a previously unknown vulnerability in a business VoIP appliance.
The finding comes from the security firm CrowdStrike. On Thursday, the company published a blog post about a suspected ransomware intrusion against an unnamed customer.
Ransomware attacks usually begin with phishing emails or poorly secured, internet-exposed computers. In this case, the attacker had enough know-how to uncover a new vulnerability in a Linux-based VoIP appliance from the business phone provider Mitel.
The resulting zero-day exploit let the attacker break into the company's network through the VoIP device, which carried few security safeguards of its own. The goal was to hijack the Linux-based appliance and use it as a foothold from which to reach other parts of the network.
CrowdStrike detected the intruder because its security software spotted unusual activity on the victim's network. The company also reported the previously unknown vulnerability to Mitel, which has supplied a patch to affected customers.
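The detection described above rests on a simple idea: a VoIP appliance has a narrow, predictable network profile (SIP signalling and RTP media to phones and the trunk provider), so any connection it initiates outside that profile, such as SMB or SSH to internal servers, is worth an alert. The following is an added example written for this page, not code from the article or from CrowdStrike; the appliance address, port ranges, peer networks and flow records are all constructed assumptions, and the logic is a generic baseline check rather than whatever CrowdStrike's product actually does.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One network flow record (constructed for this example)."""
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


# Hypothetical baseline profile for the VoIP appliance. These values are
# assumptions for the example, not details from the report.
APPLIANCE_IP = "10.0.5.20"
SIP_PORTS = {5060, 5061}               # SIP signalling (UDP/TCP/TLS)
RTP_RANGE = range(10000, 20001)        # assumed RTP media port range
EXPECTED_PEERS = [
    ipaddress.ip_network("10.0.5.0/24"),      # internal phone VLAN
    ipaddress.ip_network("203.0.113.0/24"),   # SIP trunk provider (TEST-NET-3)
]


def is_expected(flow: Flow) -> bool:
    """True if the flow fits the appliance's known-good profile.

    Only connections *initiated by* the appliance are profiled; inbound calls
    from phones to the appliance are left to other rules.
    """
    if flow.src != APPLIANCE_IP:
        return True
    dst = ipaddress.ip_address(flow.dst)
    peer_ok = any(dst in net for net in EXPECTED_PEERS)
    port_ok = flow.dport in SIP_PORTS or (
        flow.proto == "udp" and flow.dport in RTP_RANGE
    )
    return peer_ok and port_ok


def explain(flow: Flow) -> str:
    """Human-readable reason a flow was flagged, for the alert text."""
    dst = ipaddress.ip_address(flow.dst)
    if not any(dst in net for net in EXPECTED_PEERS):
        return f"appliance contacted unexpected host {flow.dst}"
    return f"appliance used unexpected service {flow.proto}/{flow.dport} to {flow.dst}"


def flag_anomalous_flows(flows):
    """Return (flow, reason) pairs for flows outside the baseline."""
    return [(f, explain(f)) for f in flows if not is_expected(f)]


# Constructed sample flow records: two legitimate VoIP flows, three that look
# like a compromised appliance pivoting into the rest of the network, and one
# inbound flow that the appliance did not initiate.
SAMPLE_FLOWS = [
    Flow(APPLIANCE_IP, "10.0.5.31", 5060, "udp"),        # SIP to a desk phone
    Flow(APPLIANCE_IP, "203.0.113.10", 12000, "udp"),    # RTP to the trunk
    Flow(APPLIANCE_IP, "10.0.8.15", 445, "tcp"),         # SMB to a file server
    Flow(APPLIANCE_IP, "10.0.8.40", 22, "tcp"),          # SSH to a Linux host
    Flow(APPLIANCE_IP, "198.51.100.7", 443, "tcp"),      # HTTPS to unknown external IP
    Flow("10.0.5.31", APPLIANCE_IP, 5060, "udp"),        # phone registering (ignored)
]


if __name__ == "__main__":
    for flow, reason in flag_anomalous_flows(SAMPLE_FLOWS):
        print(f"ALERT {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

A baseline like this is only as good as the inventory behind it: the appliance's peer networks and port ranges have to be written down by whoever deployed it, and a device that legitimately fetches updates from a vendor host will need that host added to the allow-list rather than silenced as noise.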
Still, the incident underscores a growing concern: ransomware groups are starting to use zero-day exploits to reach more victims. Earlier this month, NSA Director of Cybersecurity Rob Joyce said some ransomware gangs are now rich enough to buy zero-day exploits from underground dealers or to fund their own research into new software vulnerabilities.
CrowdStrike added: "When threat actors exploit an undocumented vulnerability, timely patching becomes irrelevant. That's why it's crucial to have multiple layers of defense." To stay protected, companies should ensure perimeter devices, such as
Read more on pcmag.com