The Lorenz ransomware group breached corporate networks by exploiting VoIP vulnerabilities.

Data breaches are at an all-time high, with several ransomware gangs exploiting system vulnerabilities to steal sensitive data. Lorenz is a ransomware group that exploits VoIP vulnerabilities to get into enterprise networks through their phone systems.

Security firm Arctic Wolf Labs found that the ransomware gang abused the CVE-2022-29499 bug to gain access to enterprise systems. “Initial malicious activity originated from a Mitel appliance sitting on the network perimeter,” CrowdStrike reported.

“Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment.”

Mitel’s vulnerabilities

Mitel is a renowned VoIP system used by businesses across the world. Many highly sensitive sectors use the software, and the vulnerability impacts more than 19,000 devices connected to Mitel.

While Mitel has responded to the recent reports and vulnerabilities by publishing security patches and a remediation script, some Mitel devices remain vulnerable to DDoS attacks. Mitel will have to remove these security flaws with the help of better patches; otherwise, it risks losing its credibility.

If not resolved promptly, the vulnerabilities can result in millions of data records being leaked and breached. Until Mitel comes out with an improved and foolproof version of its VoIP system, many organizations are considering safer alternatives.
