Multiple DDoS botnets have been actively exploiting a critical vulnerability in Zyxel firewall models, cybersecurity researchers have revealed. Tracked as CVE-2023-28771, the flaw affects Linux-based platforms and allows remote attackers to take unauthorized control of vulnerable systems and use them to launch DDoS attacks.
The Specifics
The vulnerability stems from an error-message handling bug that lets remote attackers execute OS commands. By sending a specially crafted packet to a targeted Zyxel device, an attacker can take control of the vulnerable system and enlist it in DDoS attacks.
Although Zyxel released a security advisory on April 25, 2023, urging customers to update their firewalls, the Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in May, signaling that exploitation was ongoing.
After the vulnerability’s disclosure, researchers observed a rise in malicious activity, particularly in May, with attacks seen in Central America, North America, East Asia, and South Asia. Dark.IoT, a Mirai-based variant, along with other DDoS botnets, has been exploiting the vulnerability to launch attacks.
A Note from Heimdal®
The situation is particularly alarming given the continuing rise in DDoS attacks in 2023, a trend that has been linked to ransomware gangs.
Threat actors have consistently focused on vulnerable devices, which is a significant concern for IoT devices and Linux servers given the prevalence of remote code execution attacks. Exposed vulnerabilities in such devices pose substantial risk: once attackers gain control of a device, they can add it to their botnet and use it for further attacks, including DDoS.
To counter this threat, apply patches and updates as soon as they become available, and take proactive steps to harden these devices.