Hackers have developed a new DDoS amplification method in attacks, with a 4.3 billion to 1 ratio, which experts see as a record-breaking amplification ratio ever executed.
In distributed denial-of-service or DDoS attacks, threat actors target the networks or servers of their victims using an overload of requests and high volumes of data to cause a service outage or exhaust their resources.
The DDoS amplification ratio implies that the higher the number is, the more effective it is for threat actors to overwhelm and damage any secured servers using lesser efforts from their end.
Security analysts reported the new attack vector, explaining that it relies on vulnerable devices to be the DDoS reflectors or amplifiers. The actual reflection attack will begin with a small packet inside a closed server being amplified per bounce, gradually building up traffic volume to reach the possible upper limit, and then be routed towards the target.
For instance, the new attack vector is seen exploiting a Mitel driver vulnerability tracked as CVE-2022-26143. The abused driver is called the ‘TP-240 driver’ used as a software bridge to assist the TP-240 VoIP processing interface card interactions.
The flaw was reportedly abused after some commands on UDP/10074 had been exposed to the internet and was found by threat actors. Over 2,600 exposed Mitel devices discovered by security analysts are prone to DDoS amplification attacks.
Researchers first noticed the Mitel devices attacks on the first few days of 2022 and have recorded an actual abuse on the vulnerable driver by February. According to them, the targets of this campaign include commercial and logistic firms, governments, private and financial institutions, and broadband access ISPs.
Way before the ongoing Russia-Ukraine cyber-warfare involving DDoS attacks, Ukraine’s banks, and other private firms have already suffered from cyberattacks that shut down their websites and infrastructure.
For this reason, experts strongly recommend that organizations enhance their cybersecurity measures and solidify their infrastructure from the threats posed by any form of cyberattacks, including DDoS amplification.
