Zyxel VPN security flaw targeted by new ransomware attackers
Date:
Wed, 20 Nov 2024 16:02:00 +0000
Description:
Small and medium-sized businesses in the US and Europe are being targeted using Zyxel VPN flaw.
FULL STORY
======================================================================
Researchers spot Helldown exploiting Zyxel VPN to breach networks
The flaw was previously undisclosed
The crooks mostly target SMBs in the US and Europe
There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.
The group is called Helldown, and has been active since summer 2023, a new report from cybersecurity researchers Sekoia has revealed, noting that the group most likely uses a previously undisclosed vulnerability in Zyxel's firewalls for initial access.
Furthermore, the group seems to be exploiting CVE-2024-42057, a command injection bug in IPSec VPN that, in certain scenarios, grants unauthenticated users the ability to run OS commands.
Dozens of victims
When they breach a target network, they steal as many files as they can, and encrypt the system. For encryption, they seem to be using a piece of software developed from the leaked LockBit 3 builder. The researchers said the encryptor was relatively basic, but also probably still under development.
As basic as it is, the encryptor still locked down at least 31 organizations, as that's the number of victims listed on the group's data leak site. According to BleepingComputer, between November 7 and today, the number dropped to 28, which could be a hint that some organizations paid the ransom demand. We don't know who the victims are, or how much money the crooks demanded in return for the decryption key and for keeping the data secure.
Most of the victims seem to be small and medium-sized organizations in the United States and Europe.
If the researchers are indeed right, and Helldown does use flaws in Zyxel and IPSec instances to breach the networks, the best way to defend would be to keep these devices up to date, and limit access to trusted accounts only. CVE-2024-42057, which plagues IPSec, was fixed on September 3, and the earliest clean firmware version is 5.39. For Zyxel, since the vulnerability is still undisclosed, it would be wise to keep an eye on upcoming advisories and deploy the patch as soon as it's published.
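The patching advice above turns into a routine inventory check: is every firewall at or above the earliest clean firmware version named in the story, 5.39? The script below is an added example, not code from the article, Sekoia or Zyxel. It assumes an inventory of (hostname, firmware string) pairs and that firmware strings carry a leading "major.minor" such as "V5.38(...)"; the sample inventory is constructed. It compares versions numerically, because comparing the raw strings would wrongly rank "5.9" above "5.39", and it treats an unparseable version as needing review rather than silently passing it. It only covers CVE-2024-42057; the undisclosed Zyxel flaw still requires watching for the advisory.

```python
import re
from typing import List, Optional, Tuple

# Earliest clean firmware version for CVE-2024-42057, as stated in the story.
MIN_CLEAN_VERSION: Tuple[int, int] = (5, 39)

# Assumed version-string shape: optional 'V', then major.minor, optionally
# followed by a build suffix, e.g. '5.38', 'V5.39', 'V5.39(ABUJ.0)'.
VERSION_RE = re.compile(r"[Vv]?(\d+)\.(\d+)")


def parse_version(fw: str) -> Optional[Tuple[int, int]]:
    """Extract (major, minor) as integers; None when no version is found."""
    m = VERSION_RE.search(fw)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def needs_update(fw: str, minimum: Tuple[int, int] = MIN_CLEAN_VERSION) -> bool:
    """True when the firmware is older than the minimum or cannot be parsed.

    Tuple comparison is numeric per component, so (5, 9) < (5, 39) holds,
    whereas the string '5.9' would sort after '5.39'.
    """
    version = parse_version(fw)
    if version is None:
        return True  # unknown version: flag it for manual review
    return version < minimum


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (hostname, firmware) entries that need attention."""
    return [(host, fw) for host, fw in inventory if needs_update(fw)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("fw-branch-01", "V5.38(ABUJ.0)"),  # below 5.39: needs update
    ("fw-branch-02", "V5.39(ABUJ.0)"),  # exactly the clean version
    ("fw-hq", "5.40"),                  # newer than the clean version
    ("fw-lab", "5.9"),                  # lexically > '5.39', numerically older
    ("fw-old", "unknown"),              # unparseable: flagged for review
]

if __name__ == "__main__":
    for host, fw in triage(SAMPLE_INVENTORY):
        print(f"{host}: firmware {fw!r} is below "
              f"{MIN_CLEAN_VERSION[0]}.{MIN_CLEAN_VERSION[1]} or unknown")
```

Feed it the firmware strings your management console exports; anything it flags is either unpatched for CVE-2024-42057 or reporting a version the parser does not recognise, and both deserve a look.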
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/zyxel-vpn-security-flaw-targeted-by-new-ransomware-attackers
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)