A hacker has used a previously unknown vulnerability in a business phone VoIP device to spread ransomware, according to security firm Crowdstrike.
On Thursday, the company wrote a blog post about a suspected ransomware intrusion against an unnamed customer. Ransomware attacks often occur through phishing emails or poorly secured computers. But in this case, the hacker had enough know-how to uncover a new vulnerability in a Linux-based VoIP appliance from business phone provider Mitel.
The resulting zero-day exploit allowed the hacker to break into the company’s network through a VoIP device, which had limited security safeguards onboard. The attack was designed to essentially hijack the Linux-based VoIP appliance so that the hacker could infiltrate other parts of the network.
Fortunately, Crowdstrike’s security software spotted the unusual activity on the victim’s network. The company also reported the previously unknown vulnerability to Mitel, which supplied a patch to affected customers in April.
Still, the incident underscores the growing concern that ransomware groups will use zero-day exploits to attack more victims. Earlier this month, NSA Director of Cybersecurity Rob Joyce said some ransomware gangs are now rich enough to buy zero-day exploits from underground dealers or fund research into uncovering new software vulnerabilities.
Crowdstrike added: “When threat actors exploit an undocumented vulnerability, timely patching becomes irrelevant. That’s why it’s crucial to have multiple layers of defense.” To stay protected, companies should ensure perimeter devices, such as business VoIP appliances, remain isolated from their network’s most critical assets, the security firm said.
Companies that use Mitel's MiVoice Connect product should also implement the patch as soon as possible to prevent further exploitation.