Zyxel Flaw Powers New Mirai IoT Botnet Strain
In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices.
Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant - dubbed Mukashi - on Mar. 12.
The new Mirai strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network attached storage devices made by Taiwanese vendor Zyxel Communication Corp., which boasts some 100 million devices deployed worldwide.
Like other Mirai variants, Mukashi constantly scans the Internet for vulnerable IoT devices like security cameras and digital video recorders, looking for a range of machines protected only by factory-default credentials or commonly-picked passwords.
Zyxel issued a patch for the flaw on Feb. 24, but the update did not fix the problem on many older Zyxel devices which are no longer being supported by the company.
News URL
https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 9.8 |