New research claims that a botnet, strikingly similar to the dreaded Mirai, is targeting Zyxel NAS instances that have passed their end-of-life date.
A report from the Shadowserver Foundation, a security organization that tracks cyber threats, says that threat actors recently began scanning for one of the three flaws, CVE-2024-29973, a command injection vulnerability.
The goal, apparently, is to integrate the endpoints into a botnet.
In March 2024, cybersecurity researchers at Outpost24 discovered three vulnerabilities in Zyxel's network-attached storage (NAS) endpoints: CVE-2024-29973, CVE-2024-29972, and CVE-2024-29974. All three have a severity score of 9.8 (critical) and were found to affect the NAS326 (running V5.21(AAZF.16)C0 and earlier) and the NAS542 (running V5.21(ABAG.13)C0 and earlier).
A few months later, threat actors have started targeting vulnerable endpoints.
A botnet is essentially a “network of bots”: compromised endpoints whose computing power and Internet bandwidth can be used for malicious purposes.
Botnets are typically used for distributed denial of service (DDoS) attacks or to lend bandwidth and IP addresses for illegal residential proxy services.
It is also worth mentioning that although these two Zyxel NAS devices have reached the end of their useful life, the Taiwanese company decided to patch them anyway, because some organizations have extended warranty coverage for the devices. Therefore, if your organization uses these products, it would be advisable to apply the patches immediately.
Better still, disconnect them entirely and replace them with newer models that are still supported.
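The patch-or-replace advice above only works if you know which of your NAS units are actually in scope. The following added example, not code from the article or from Zyxel, turns the affected-version ceilings stated above into an inventory triage check. It assumes Zyxel firmware strings follow the `V<major>.<minor>(<branch>.<build>)C<rev>` shape seen in the article, that the branch letters (AAZF, ABAG) are tied to the model, and that the CSV inventory is something you export from your own asset system; the inventory rows below are constructed sample data.

```python
import csv
import io
import re

# Highest affected firmware per model, as stated in the article.
AFFECTED_MAX = {
    "NAS326": "V5.21(AAZF.16)C0",
    "NAS542": "V5.21(ABAG.13)C0",
}

# Assumed firmware string layout: V<major>.<minor>(<branch>.<build>)C<rev>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse_version(text):
    """Split a Zyxel firmware string into comparable parts."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Zyxel firmware string: {text!r}")
    major, minor, branch, build, rev = match.groups()
    return int(major), int(minor), branch, int(build), int(rev)


def is_affected(model, firmware):
    """True if at or below the affected ceiling, False if newer,
    None if the model is out of scope or the firmware branch does not
    match the model (inventory data error, needs a human look)."""
    ceiling = AFFECTED_MAX.get(model)
    if ceiling is None:
        return None
    have = parse_version(firmware)
    top = parse_version(ceiling)
    if have[2] != top[2]:
        return None  # branch mismatch: refuse to guess
    # Compare (major, minor, build, rev); the branch is already equal.
    return (have[0], have[1], have[3], have[4]) <= (top[0], top[1], top[3], top[4])


def triage(inventory_csv):
    """Return (hosts to patch or retire, hosts needing manual review)."""
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_affected(row["model"], row["firmware"])
        if verdict is True:
            flagged.append(row["hostname"])
        elif verdict is None:
            unknown.append(row["hostname"])
    return flagged, unknown


# Constructed sample inventory; hostnames and the NAS540 row are made up.
SAMPLE_INVENTORY = """\
hostname,model,firmware
nas-hq-01,NAS326,V5.21(AAZF.16)C0
nas-hq-02,NAS326,V5.21(AAZF.17)C0
nas-branch-01,NAS542,V5.21(ABAG.13)C0
nas-branch-02,NAS542,V5.20(ABAG.9)C0
nas-lab-01,NAS540,V5.21(XXXX.1)C0
"""

if __name__ == "__main__":
    to_fix, review = triage(SAMPLE_INVENTORY)
    print("patch or retire:", to_fix)
    print("manual review:  ", review)
```

Hosts that come back in the first list are at or below the version the advisory names and should be patched or retired; anything in the second list is a model outside the advisory or an inventory record whose firmware branch does not match its model, which is worth checking by hand rather than silently treating as safe.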
Network-attached storage devices like these are often targeted by criminals because of their importance to the organization and their frequent misconfiguration. Beyond Zyxel, threat actors are constantly looking for D-Link or QNAP devices to attack. In fact, in early April, thousands of end-of-life D-Link NAS devices were reported to carry a high-severity vulnerability that allowed attackers to execute malicious code, steal sensitive data, and mount denial-of-service (DoS) attacks.
Via The Register