From zdnet.com
![cyber-ddos-globe-white.png](https://www.zdnet.com/a/img/resize/882e77d6660224061bce485b12dd904daf95adc7/2021/02/22/a7b40545-4115-4c96-acc9-d292c6871c95/cyber-ddos-globe-white.png?fit=bounds&format=pjpg&auto=webp)
Security researchers from Akamai, Cloudflare, Lumen Black Lotus Labs, Mitel, Netscour, Team Cymru, Telus, and The Shadowserver Foundation have disclosed denial-of-service attacks with an amplification ratio that surpasses 4 billion to one that can be launched from a single packet.
Dubbed CVE-2022-26143, the flaw resides in around 2,600 incorrectly provisioned Mitel MiCollab and MiVoice Business Express systems that act as PBX-to-internet gateways and have a test mode that should not be exposed to the internet.
“The exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1,” a blog post on Shadowserver explains.