Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems

Multiple distributed denial of service (DDoS) botnets are actively exploiting a critical vulnerability in Zyxel firewall models.

The flaw, tracked as CVE-2023-28771, was analyzed by Fortinet security researchers, who list it as affecting the Linux platform on which the firewall firmware runs.

Successful exploitation allows remote attackers to take unauthorized control of a vulnerable device and conscript it into DDoS attacks.

Discussing the vulnerability in a blog post published on July 20, Fortinet Senior Antivirus Analyst Cara Lin said the issue stems from a command injection vulnerability that allows an attacker to execute arbitrary code on a Zyxel device by sending it specially crafted packets.

“This flaw has a severity rating of 9.8 on the CVSS scoring system and was reported by TRAPA Security,” wrote Lin.

Zyxel issued a security advisory on April 25, 2023, after the vulnerability was reported. Despite the patch being available, the Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in May, indicating active exploitation in the wild.

Following the disclosure of this vulnerability, Fortinet observed an increase in malicious activity, especially in May. Using captured exploit traffic, Fortinet confirmed attacks in Central America, North America, East Asia, and South Asia.

In particular, Lin said Fortinet has discovered multiple DDoS botnets, including Dark.IoT, a Mirai-based variant, exploiting this vulnerability to launch attacks.


Lin recommended that organizations running affected Zyxel firewalls prioritize applying the available patches and updates to reduce risk.

“To effectively combat this threat, it is important to prioritize patching and updating wherever possible. We strongly recommend taking proactive measures to ensure the security of these devices.”
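As an added example, not code from the article or from Fortinet or Zyxel, the following Python script does the first thing a practitioner needs in order to act on the patching recommendation above: it checks an inventory of Zyxel firewalls against the affected and fixed ZLD firmware versions for CVE-2023-28771. The version ranges are taken from Zyxel's April 25, 2023 advisory rather than from this page, and the ZLD version-string layout the parser expects ("V5.35(ABUI.0)", with the digit after the model code as the patch level) is an assumption stated in the code; the hostnames and model codes in the sample inventory are constructed.

```python
"""Triage Zyxel ZLD firewall firmware versions against the CVE-2023-28771 fix."""
import re
from typing import NamedTuple

# Affected and fixed versions per Zyxel's 25 April 2023 advisory for
# CVE-2023-28771 (vendor data, not reproduced on the article page; verify
# against the advisory before relying on it):
#   ATP, USG FLEX, VPN : ZLD V4.60 - V5.35 affected, fixed in ZLD V5.36
#   ZyWALL/USG         : ZLD V4.60 - V4.73 affected, fixed in ZLD V4.73 Patch 1
FIRST_AFFECTED = (4, 60, 0)
FIRST_FIXED = {
    "ATP": (5, 36, 0),
    "USG FLEX": (5, 36, 0),
    "VPN": (5, 36, 0),
    "ZyWALL/USG": (4, 73, 1),
}

# Assumed ZLD version-string layout: "V<major>.<minor>(<model code>.<patch>)",
# e.g. "V5.35(ABUI.0)"; the digit after the model code is the patch level
# ("V4.73(AAPK.1)" == V4.73 Patch 1). Anything after ")" (build tags) is ignored.
_ZLD_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)")


class ZldVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    model_code: str

    @property
    def key(self):
        """Tuple used for ordered comparison against the advisory ranges."""
        return (self.major, self.minor, self.patch)


def parse_zld_version(text: str) -> ZldVersion:
    """Parse a ZLD version string; raise ValueError on anything unexpected."""
    m = _ZLD_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    return ZldVersion(int(m.group(1)), int(m.group(2)), int(m.group(4)), m.group(3))


def is_vulnerable(series: str, version_text: str) -> bool:
    """True if this series/version falls inside the advisory's affected range."""
    if series not in FIRST_FIXED:
        raise ValueError(f"unknown Zyxel series: {series!r}")
    v = parse_zld_version(version_text)
    return FIRST_AFFECTED <= v.key < FIRST_FIXED[series]


def triage(inventory):
    """Return (hosts needing the patch, hosts that could not be assessed), sorted.

    `inventory` is an iterable of (hostname, series, version_string). Entries
    whose series or version cannot be interpreted are reported separately
    rather than silently treated as safe.
    """
    needs_patch, unknown = [], []
    for host, series, version in inventory:
        try:
            if is_vulnerable(series, version):
                needs_patch.append(host)
        except ValueError:
            unknown.append(host)
    return sorted(needs_patch), sorted(unknown)


# Constructed sample inventory (hostnames and model codes are made up).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "USG FLEX", "V5.35(ABUI.0)"),    # affected
    ("fw-branch-02", "USG FLEX", "V5.36(ABUI.0)"),    # fixed
    ("fw-dc-01", "ATP", "V4.73(ABFW.0)"),             # affected (ATP fix is 5.36)
    ("fw-legacy-01", "ZyWALL/USG", "V4.73(AAPK.0)"),  # affected
    ("fw-legacy-02", "ZyWALL/USG", "V4.73(AAPK.1)"),  # fixed (Patch 1)
    ("fw-legacy-03", "ZyWALL/USG", "V4.50(AAPK.2)"),  # below the advisory's range
    ("fw-vpn-01", "VPN", "5.36 Patch 1"),             # unparsable -> reported as unknown
]

if __name__ == "__main__":
    patch, unknown = triage(SAMPLE_INVENTORY)
    print("needs patch:", patch)
    print("could not assess:", unknown)
```

Run as a script it prints the two lists. A device whose version string cannot be parsed is reported separately rather than counted as safe, because a triage that quietly passes unknown firmware defeats its purpose. Two caveats for anyone using this: a current version only shows that the device is no longer exploitable, not that it was not compromised while it sat unpatched during the May activity the article describes, so devices patched late deserve a look for persistence; and public analyses of this flaw (not detailed on this page) place it in the firewall's IKE packet handling reached over UDP/500, so devices with IKE exposed to untrusted networks belong at the top of the list.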

The new Fortinet analysis comes months after an April analysis by Recorded Future CISO Jason Steer highlighting the rise in DDoS attacks in 2023 and how the trend relates to ransomware gangs.
