BleepingComputer reports that the Lorenz ransomware operation exploited a critical Mitel telephony infrastructure vulnerability, tracked as CVE-2022-29499, to obtain initial access to the victim's network five months prior to commencing lateral movement, data theft, and system encryption activities.
Although the victim organization applied the patch for the Mitel flaw, Lorenz had already implanted its backdoor a week before the security update was released, according to a report from global intelligence and cyber security consulting company S-RM.
"They leveraged vulnerabilities within two Mitel PHP pages on a CentOS system on the network perimeter, which allowed them to retrieve a web shell from their own infrastructure and install it on the system," said S-RM.
The five-month gap between initial network access and the eventual attack suggests that Lorenz ransomware may have secured network access from a broker.
Lorenz "is actively returning to old backdoors, checking they still have access and using them to launch ransomware attacks," researchers added.
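The lesson in the S-RM account is that applying the vendor patch closes the entry point but does nothing about a web shell that was dropped before the update. The defender's check is to compare the patched web root against a manifest taken while the host was still trusted and inspect whatever has appeared or changed since. The script below is an added example, not code from BleepingComputer, S-RM or Mitel: it builds a SHA-256 manifest of a web root, diffs it against a baseline, and flags PHP files among the changes that feed request input or a decoder straight into a code-execution function. The directory layout, file names and file contents are constructed for the demonstration.

```python
"""
Added example (not from the article or S-RM's report): after patching a
perimeter web application, confirm that nothing an intruder left behind
before the patch is still there. The script compares a web root against a
baseline manifest of SHA-256 hashes taken when the host was known-good,
lists files added, modified or removed since, and flags PHP files containing
constructs typical of web shells. All paths and file contents are constructed
for the demonstration; the web-root layout is an assumption.
"""
import hashlib
import os
import re
import tempfile

# Heuristic for PHP web shells: a code-execution function fed directly from
# request input or from a decoder used to hide the payload. Tune per estate.
SUSPICIOUS_PHP = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*"
    r"(\$_(GET|POST|REQUEST|COOKIE)|base64_decode|gzinflate|str_rot13)",
    re.IGNORECASE,
)


def sha256_file(path):
    """Hash a file in chunks so large uploads do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Classify every path as added, modified or removed relative to baseline."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}


def flag_suspicious_php(root, paths):
    """Return the subset of paths that are PHP files matching the web-shell heuristic."""
    hits = []
    for rel in paths:
        if not rel.lower().endswith((".php", ".phtml", ".php5")):
            continue
        with open(os.path.join(root, rel), "r", encoding="utf-8", errors="replace") as f:
            if SUSPICIOUS_PHP.search(f.read()):
                hits.append(rel)
    return sorted(hits)


def audit_webroot(root, baseline):
    """Full check: what changed since the baseline, and which changes look like shells."""
    changes = diff_manifests(baseline, build_manifest(root))
    changes["suspicious"] = flag_suspicious_php(root, changes["added"] + changes["modified"])
    return changes


def _write(root, rel, text):
    """Helper for the constructed scenario: write a text file under root."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as f:
        f.write(text)


def demo():
    """Constructed scenario: baseline, then a vendor patch and a pre-existing shell."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php echo 'portal'; ?>\n")
        _write(root, "login.php", "<?php session_start(); echo 'login'; ?>\n")
        _write(root, "lib/util.php", "<?php function ok() { return true; } ?>\n")
        baseline = build_manifest(root)  # taken while the host was trusted

        # The vendor patch legitimately changes the formerly vulnerable page...
        _write(root, "login.php", "<?php session_start(); echo 'login v2'; ?>\n")
        # ...but a shell dropped before the patch is still on disk.
        _write(root, "cache/.s.php", "<?php eval(base64_decode($_POST['p'])); ?>\n")
        return audit_webroot(root, baseline)


if __name__ == "__main__":
    print(demo())
```

A legitimate patch shows up under `modified`, so reconcile that list against the vendor's published file changes; anything under `added` that the vendor did not ship, and anything under `suspicious`, is what the patch did not remove and needs to go to incident response, along with a hunt for the second-stage access the backdoor was used to establish.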
SiliconAngle reports that ransomware attacks against the education sector rose significantly from 2018 to 2022 and are expected to reach a record high this year: the 85 attacks recorded in the first half of 2023 are almost double the count for the same period in 2022.
Air Canada has confirmed that it was hit by a data breach that exposed a limited amount of personal data belonging to some of its employees, along with other records, reports The Record, a news site run by cybersecurity firm Recorded Future.