
Malware Attacks Target Zyxel End-Of-Life Routers

A five-year-old vulnerability is currently being exploited in Zyxel P660HN-T1A routers to introduce a Gafgyt malware variant onto target networks. Fortinet has issued an outbreak alert to inform users that this end-of-life router, when running versions before 7.3.15.0 v001/ 3.40 (ULM.0)b31, is being actively targeted in the wild. Zyxel published a security advisory back in 2019 about this vulnerability and about attackers' ability to exploit it with the then-new Gafgyt variant to build a botnet of Internet of Things (IoT) devices. Unit 42 security researchers at Palo Alto Networks investigated these 2019 attacks, which at the time also affected Huawei and Realtek routers. The resulting botnets were used to cause denial of service (DoS) on popular gaming servers, specifically those using the Valve Source engine.

This actively exploited legacy flaw is tracked as CVE-2017-18368 and has been assigned a critical severity rating, with a CVSS base score of 9.8/10. It is a command injection vulnerability in the Remote System Log of vulnerable routers, affecting the forwarding function. An unauthenticated attacker can reach this function and exploit the vulnerability through the remote_host parameter in the ViewLog.asp page. Attackers can then deploy the Gafgyt variant by performing remote code execution on the device. The malware can then spread across the network to IoT devices, which are often left vulnerable because users neglect to patch or update them. This creates a botnet of IoT devices which can be used by the attackers or sold on forums to provide botnet capabilities to less sophisticated cyber criminals.
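As an added detection example (not from Fortinet, Zyxel or the original article), the following Python flags logged requests to ViewLog.asp whose remote_host value is anything other than a bare IP address or hostname. The event layout, the /cgi-bin/ path prefix and the sample events are constructed assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# A legitimate remote syslog target is a bare hostname or IP address.
HOSTNAME_RE = re.compile(
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)

def is_plain_host(value):
    """True only if value is an IP address or hostname with nothing appended."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def bad_remote_hosts(uri, body=""):
    """Decoded remote_host values sent to ViewLog.asp that are not plain hosts."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/viewlog.asp"):
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    return [v for k, v in params if k == "remote_host" and v and not is_plain_host(v)]

def scan(events):
    """Return (source address, offending value) for every suspicious event."""
    return [(e["src"], v) for e in events
            for v in bad_remote_hosts(e["uri"], e.get("body", ""))]

# Constructed sample events (documentation address ranges, placeholder payloads).
SAMPLE_EVENTS = [
    {"src": "203.0.113.5", "uri": "/cgi-bin/ViewLog.asp",
     "body": "remote_host=%3BPLACEHOLDER_CMD%3B"},
    {"src": "192.0.2.20", "uri": "/cgi-bin/ViewLog.asp",
     "body": "remote_host=192.168.1.10"},
    {"src": "192.0.2.21", "uri": "/cgi-bin/ViewLog.asp",
     "body": "remote_host=syslog.example.internal"},
    {"src": "198.51.100.7", "uri": "/cgi-bin/ViewLog.asp?remote_host=10.0.0.1%0APLACEHOLDER"},
    {"src": "192.0.2.22", "uri": "/index.asp", "body": "remote_host=%3Bx"},
]

if __name__ == "__main__":
    for src, value in scan(SAMPLE_EVENTS):
        print(f"ALERT {src}: remote_host={value!r}")
```

The check is an allowlist on the decoded value, so it does not depend on knowing which shell metacharacters a given payload uses.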

Although this vulnerability was patched by Zyxel in firmware version 3.40 back in 2019, the P660HN-T1A routers are now end-of-life products and have reached the end of their support life. The US Cybersecurity and Infrastructure Security Agency (CISA), a part of the US government, has recently added this vulnerability to its Known Exploited Vulnerabilities Catalog, confirming the current exploitation of this flaw and encouraging all organisations to mitigate it as soon as possible. As this is an end-of-life product, the best mitigation is to discontinue using it and replace it with a supported alternative that will continue to receive maintenance and security updates when required. Continuing to use vulnerable devices such as unpatched IoT devices or end-of-life products puts the network at risk. In cases such as this, it can also leave your network compromised in a way that causes DoS to you as well as to those targeted by the botnet, because your devices have been occupied, which can also cost you high data fees. Users should therefore patch and replace these vulnerable devices to mitigate these possible consequences of attack.

 

 
