Subj : Mirai-esque botnet is hitting Zyxel NAS devices To : All From : TechnologyDaily Date : Tue Jun 25 2024 20:15:05 Mirai-esque botnet is hitting Zyxel NAS devices Date: Tue, 25 Jun 2024 19:11:21 +0000 Description: Affected NAS devices had reached end-of-life, but there is a patch, so make sure to protect your endpoints straight away. FULL STORY ====================================================================== A botnet, strikingly similar to the dreaded Mirai, is targeting Zyxel NAS instances that have passed their end-of-life date, new research has claimed. A report from the Shadowserver Foundation, a security organization that keeps track of cyber-threats, says the threat actors recently started scanning for one of the three flaws - CVE-2024-29973 - which is a command injection vulnerability. The goal, apparently, is to assimilate the endpoints into a botnet. Botnets In March 2024, cybersecurity researchers Outpost24 discovered three vulnerabilities in Zyxels network attached storage endpoints - CVE-2024-29973, CVE-2024-29972 and CVE-2024-29974. All three have a severity score of 9.8 (critical), and were found affecting NAS326 (running version V5.21(AAZF.16)C0 and earlier) and NAS542 (running versions V5.21(ABAG.13)C0 and earlier). Fast-forward a few months, and now threat actors have started targeting the vulnerable endpoints. A botnet is essentially a network of bots - compromised endpoints whose computing power and internet bandwidth can be used for malicious purposes. Botnets are usually used for distributed denial of service ( DDoS ) attacks, or for lending out bandwidth and IP addresses for illegal residential proxy services. It is also worth mentioning that while these two Zyxel NAS devices reached their end-of-life, the Taiwanese company still decided to patch them up, since some organizations have extended warranty for the devices. Therefore, if your organization is using these products, it would be wise to apply the patches immediately. Furthermore, completely disconnecting and replacing them with newer, supported models, would be an even better solution. Network attached storage devices such as these are often targeted by criminals, due to their importance in the organization, and frequent misconfiguration. Besides Zyxel, threat actors are constantly on the lookout for D-Link, or QNAP devices, to target. In fact, in early April, it was reported that thousands of end-of-life D-Link NAS devices came with a high-severity vulnerability that allowed attackers to run malicious code, steal sensitive data, and mount denial-of-service (DoS) attacks. Via The Register More from TechRadar Pro Thousands of D-Link NAS devices have serious backdoor security issues Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/mirai-esque-botnet-is-hitting-zyxel-nas -devices --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .