A critical flaw in Zyxel firewall devices is being exploited by distributed denial-of-service (DDoS) botnets, granting attackers remote control over vulnerable systems.
The vulnerability was disclosed in April 2023. Security researchers determined that attacks have occurred in multiple regions, including Central America, North America, East Asia, and South Asia, indicating widespread exploitation of the weakness.
The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection bug affecting multiple Zyxel firewall families (ATP, USG FLEX, VPN and ZyWALL/USG running affected ZLD firmware). It allows an unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted IKE packet to the appliance's UDP port 500, a service that is typically reachable from the internet on a VPN-capable firewall, which is why exposed devices were picked up by botnet scanners so quickly.
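The practical first step for a defender is an inventory check: which appliances are still below the fixed firmware, and which of those expose IKE to the WAN. The following Python triage script is an added example, not code from the original article or from Zyxel. It parses ZLD version strings of the form `V5.36(ABFW.1)` (major.minor, build code, patch level) and compares them against the fixed releases as published in Zyxel's advisory (ZLD V5.36 Patch 1 for ATP, USG FLEX and VPN; V4.73 Patch 1 for ZyWALL/USG; V4.60 as the oldest affected release). Those version thresholds are an assumption to be verified against the current vendor advisory; the hostnames, build codes and firmware versions in the sample inventory are constructed.

```python
import re
from typing import List, NamedTuple, Tuple

# Fixed ZLD firmware per Zyxel's CVE-2023-28771 advisory.
# Assumption for this example: confirm against the current vendor advisory.
FIXED_VERSIONS = {
    "ATP":        (5, 36, 1),   # ZLD V5.36 Patch 1
    "USG FLEX":   (5, 36, 1),
    "VPN":        (5, 36, 1),
    "ZyWALL/USG": (4, 73, 1),   # ZLD V4.73 Patch 1
}
# Oldest release the advisory lists as affected (ZLD V4.60). Anything older is
# outside the advisory's scope, which is not the same as safe, so it is
# reported separately rather than marked patched.
ADVISORY_FLOOR = (4, 60, 0)

# Zyxel version strings look like "V5.36(ABFW.1)" or "V4.73(AAPL.1)C0":
# major.minor, then a build code and the patch level in parentheses.
_ZLD_RE = re.compile(r"^V(\d+)\.(\d+)\([A-Z]+\.(\d+)\)")


class Verdict(NamedTuple):
    host: str
    family: str
    version: Tuple[int, int, int]
    status: str      # "patched", "vulnerable" or "unlisted"
    priority: str    # "urgent" if vulnerable and IKE is reachable from the WAN


def parse_zld_version(text: str) -> Tuple[int, int, int]:
    """Turn 'V5.36(ABFW.1)C0' into (5, 36, 1) so versions compare as tuples."""
    m = _ZLD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(host: str, family: str, version_text: str, ike_exposed: bool) -> Verdict:
    """Classify one appliance against the advisory and rank remediation urgency."""
    if family not in FIXED_VERSIONS:
        raise ValueError(f"unknown product family: {family!r}")
    version = parse_zld_version(version_text)
    if version >= FIXED_VERSIONS[family]:
        status = "patched"
    elif version >= ADVISORY_FLOOR:
        status = "vulnerable"
    else:
        status = "unlisted"
    if status == "patched":
        priority = "none"
    elif ike_exposed:
        # Unauthenticated RCE on a port reachable from the internet: patch first.
        priority = "urgent"
    else:
        priority = "scheduled"
    return Verdict(host, family, version, status, priority)


def triage(inventory) -> List[Verdict]:
    """inventory rows: (host, family, version_text, ike_exposed). Most urgent first."""
    order = {"urgent": 0, "scheduled": 1, "none": 2}
    verdicts = [assess(*row) for row in inventory]
    return sorted(verdicts, key=lambda v: order[v.priority])


# Constructed inventory: hostnames, build codes and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-branch-1", "USG FLEX",   "V5.35(ABCD.0)",   True),
    ("fw-hq",       "ATP",        "V5.36(ABCD.1)C0", True),
    ("fw-lab",      "VPN",        "V5.36(ABCD.0)",   False),
    ("fw-legacy",   "ZyWALL/USG", "V4.73(ABCD.0)",   True),
    ("fw-old",      "ZyWALL/USG", "V4.39(ABCD.2)",   False),
]

if __name__ == "__main__":
    for v in triage(SAMPLE_INVENTORY):
        print(f"{v.priority:9} {v.status:10} {v.host:12} {v.family:11} "
              f"V{v.version[0]}.{v.version[1]} patch {v.version[2]}")
```

Note that `fw-lab` on V5.36 Patch 0 is still flagged: the fix landed in Patch 1, so comparing major.minor alone would miss it. The `ike_exposed` flag is whatever your external scan or firewall policy says about UDP/500 reachability; it only changes priority, never the vulnerability status.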
Last month, the Shadowserver Foundation warned that CVE-2023-28771 was being actively exploited and that multiple botnets had seized on it, leading to a surge in DDoS attacks. Compromised appliances have been enlisted into a Mirai-like botnet since 26 May 2023, a sign of how quickly internet-facing devices running unpatched firmware are being absorbed.
These include Mirai variants such as Dark.IoT and a new botnet named Katana. The botnets use TCP- and UDP-based flooding to launch DDoS attacks against a range of targets. Researchers said the campaigns operated from multiple servers and quickly updated their tactics to maximize the number of compromised Zyxel devices.
The rising sophistication of DDoS attacks poses a growing challenge to defenders. Threat actors devise new ways to evade detection, notably by imitating browser behaviour and keeping the request rate per source relatively low so that no single attacking node trips rate-based thresholds.
Adding to the complexity, DNS laundering attacks conceal malicious queries by routing them through reputable recursive DNS resolvers, so the victim's authoritative nameserver sees a flood arriving from trusted resolvers rather than from the attacker, and virtual-machine botnets are being used to mount hyper-volumetric DDoS attacks, further complicating defences.
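Because the sources of a laundered flood are legitimate public resolvers, blocking by source address does nothing; the signal is in the query names. The script below is an added example, not part of the original article, showing the detection logic a defender might run over an authoritative nameserver's query log: for each apex domain it counts total queries, the share that are NXDOMAIN, the share of never-repeated leftmost labels, and the mean Shannon entropy of those labels. The log format (`<unix-ts> <source-ip> <qname> <qtype> <rcode>`), the sample lines, the domain names and the thresholds are all constructed for the example; treating the last two labels as the apex is a simplification a production deployment would replace with the public suffix list.

```python
import math
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed log excerpt (not real traffic). Source IPs in a laundering
# attack are reputable resolvers, so the tell is the stream of random,
# never-repeating labels under one apex that all come back NXDOMAIN.
SAMPLE_LOG = """\
1686564001 198.51.100.10 www.example.org A NOERROR
1686564001 203.0.113.7 x9k2q.victim.example A NXDOMAIN
1686564001 203.0.113.8 q7zp1m.victim.example A NXDOMAIN
1686564002 198.51.100.11 mail.example.org MX NOERROR
1686564002 203.0.113.9 a83kdj2.victim.example A NXDOMAIN
1686564002 203.0.113.10 zz91ke.victim.example A NXDOMAIN
1686564003 203.0.113.11 p0o9i8.victim.example A NXDOMAIN
1686564003 198.51.100.12 www.example.org A NOERROR
1686564003 203.0.113.12 m4n5b6.victim.example A NXDOMAIN
1686564004 203.0.113.13 v7c8x9.victim.example A NXDOMAIN
1686564004 198.51.100.13 cdn.example.org A NOERROR
1686564004 203.0.113.14 l2k3j4.victim.example A NXDOMAIN
"""


@dataclass
class ApexStats:
    total: int = 0
    nxdomain: int = 0
    labels: set = field(default_factory=set)
    entropy_sum: float = 0.0

    @property
    def unique_ratio(self) -> float:
        return len(self.labels) / self.total if self.total else 0.0

    @property
    def nx_ratio(self) -> float:
        return self.nxdomain / self.total if self.total else 0.0

    @property
    def mean_entropy(self) -> float:
        return self.entropy_sum / self.total if self.total else 0.0


def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character of one DNS label; random labels score high."""
    if not label:
        return 0.0
    n = len(label)
    counts: Dict[str, int] = {}
    for ch in label:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str) -> Tuple[str, str]:
    """Return (leftmost label, apex). Assumption: apex is the last two labels."""
    parts = qname.rstrip(".").lower().split(".")
    apex = ".".join(parts[-2:])
    first = parts[0] if len(parts) > 2 else ""
    return first, apex


def analyze_log(text: str, min_queries: int = 5, min_unique_ratio: float = 0.8,
                min_nx_ratio: float = 0.8) -> Tuple[Dict[str, ApexStats], List[str]]:
    """Aggregate queries per apex and flag apexes showing the laundering pattern."""
    stats: Dict[str, ApexStats] = defaultdict(ApexStats)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, _src, qname, _qtype, rcode = line.split()
        first, apex = split_qname(qname)
        s = stats[apex]
        s.total += 1
        if rcode == "NXDOMAIN":
            s.nxdomain += 1
        s.labels.add(first)
        s.entropy_sum += label_entropy(first)
    flagged = sorted(
        apex for apex, s in stats.items()
        if s.total >= min_queries
        and s.unique_ratio >= min_unique_ratio
        and s.nx_ratio >= min_nx_ratio
    )
    return dict(stats), flagged


if __name__ == "__main__":
    stats, flagged = analyze_log(SAMPLE_LOG)
    for apex, s in stats.items():
        print(f"{apex:16} q={s.total:3} uniq={s.unique_ratio:.2f} "
              f"nx={s.nx_ratio:.2f} H={s.mean_entropy:.2f}")
    print("flagged:", flagged)
```

In the sample, `example.org` shows repeated, low-entropy labels and no NXDOMAIN answers, while `victim.example` shows eight distinct high-entropy labels that all fail to resolve, which is what gets it flagged. On a real server the three ratios should be computed over a sliding time window rather than the whole log, and the flagged apex is what you hand to a response-rate-limiting or upstream scrubbing policy.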
Another notable factor in the increase in DDoS offensives is the emergence of pro-Russian hacktivist groups such as KillNet, REvil, and Anonymous Sudan (Storm-1359), which have overwhelmingly focused on targets in the U.S. and Europe.
KillNet's regular creation and absorption of new groups is an attempt to keep attracting attention from Western media and to enhance the influence component of its operations. There is no evidence connecting this REvil to the well-known ransomware group of the same name; according to security analysts, its activities align with Russian geopolitical priorities.
Exploitation of the critical flaw in Zyxel devices has fueled a rise in DDoS botnets, posing a severe threat to organizations worldwide. Security teams should patch affected appliances, limit exposure of the vulnerable service, and remain vigilant for the evolving tactics of threat actors.
Want your digital assets protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organizations against all kinds of cyber threats.