Security News

Week in review: ZuoRAT targeting SOHO routers, trends affecting your security strategy
2022-07-03 08:30

OT security: Helping under-resourced critical infrastructure organizations
In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she's heading can help asset owners and operators of industrial infrastructure.

Trends to watch when creating security strategy for the next two years
Executive performance evaluations will be increasingly linked to ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner.

ZuoRAT Malware Is Targeting Routers
2022-06-30 20:04

Researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

ZuoRAT Can Take Over Widely Used SOHO Routers
2022-06-30 17:20

The ability to not only hop on a LAN from a SOHO device but also stage further attacks suggests that the RAT may be the work of a state-sponsored actor, they noted in a blog post published Wednesday. The level of evasion that threat actors use to cover up communication with command-and-control in the attacks "cannot be overstated" and also points to ZuoRAT being the work of professionals, they said.

SOHO routers used as initial point of compromise in stealth attack campaign
2022-06-30 13:35

Black Lotus Labs, a threat intelligence team within Lumen Technologies, has recently exposed a new modus operandi for an attack campaign that went undiscovered for nearly two years. One of its most intriguing characteristics is that it targets small office / home office routers as an initial point of compromise, in addition to being particularly stealthy.

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
2022-06-29 00:40

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," researchers from Lumen Black Lotus Labs said in a report shared with The Hacker News.

New ZuoRAT malware targets SOHO routers in North America, Europe
2022-06-28 15:33

A newly discovered multistage remote access trojan dubbed ZuoRAT has been used to target remote workers via small office/home office routers across North America and Europe undetected since 2020. The start of this campaign roughly lines up with a quick shift to remote work after the start of the COVID-19 pandemic, which drastically increased the number of SOHO routers used by employees to access corporate assets from home.

Researchers uncover ZuoRAT malware targeting home-office routers
2022-06-28 14:51

Black Lotus Labs discovered a new remote access trojan called ZuoRAT, which targets remote workers via their small office/home office devices, including models from ASUS, Cisco, DrayTek and NETGEAR. The campaign included ZuoRAT - a multi-stage RAT developed for SOHO routers leveraging known vulnerabilities - which allowed the threat actor to enumerate the adjacent home network, collect data in transit, and hijack home users' DNS/HTTP internet traffic.

Cisco says it won’t fix zero-day RCE in end-of-life VPN routers
2022-06-17 17:13

Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices.

pfSense vs Netgear router: What are the main differences?
2022-06-02 20:06

pfSense also offers its own routers under the name Netgate for those who want an experience closer to a bundled hardware and software option, such as with Netgear, but with the added options and flexibility pfSense offers. Due to the variety of hardware configurations with both pfSense and Netgear, this comparison will mostly focus on software settings and the key features between the two.

Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
2022-05-20 12:27

Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can't be fixed due to technical limitations outside of their control, and is offering users a free or discounted replacement router. Netgear's BR200 and BR500 VPN routers are marketed as remote networking solutions for small to medium-size businesses and home offices, and provide features such as a site-2-site VPN connection, a firewall, remote configuration and monitoring, and more.