A special report crafted by computer forensics experts has been sent to the companies Zyxel and LILIN after it was discovered that their Internet of Things (IoT) devices are being compromised for the purpose of integrating them into various botnets and deploy massive denial of service (DoS) attacks.
The first part of the report refers to CVE-2020-9054, a known command injection vulnerability present in Zyxel’s firewalls, network-attached storage (NAS) devices and enterprise VPN solutions. According to the specialists, a group of threat actors is employing Mukashi, a new variant of the Mirai botnet source code, to infect these devices. Affected Zyxel products are listed below:
- NAS devices: NAS326, NAS520, NAS540 & NAS542
- Firewalls, gateways and enterprise VPNs: ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310 & ZyWALL1100
In the past few days Zyxel released firmware updates for exposed devices, so it is recommended that administrators of affected deployments update as soon as possible. In addition, computer forensics experts issued some recommendations to mitigate this risk if they are unable to update at this time:
- Block access to the web interface (80/tcp and 443/tcp) of any vulnerable Zyxel device
- Do not expose a vulnerable device on the public Internet
On the other hand, LILIN was informed that its digital video recorders (DVR) and IP cameras have been exposed for months, a situation that botnet administrators such as Chalubo and FBot have taken advantage of.
Computer forensics specialists from Netlab research team say that the administrators of these botnets have been exploiting multiple command injection and arbitrary file reading vulnerabilities to compromise these devices. The firmware of the following devices must be updated:
- DVR devices: LILIN DHD516A, LILIN DHD508A, LILIN DHD504A, LILIN DHD316A, LILIN DHD308A & LILIN DHD304A
- IP cameras: LILIN DHD204, LILIN DHD204A, LILIN DHD208, LILIN DHD208A, LILIN DHD216 & LILIN DHD216A
Firmware updates for these devices have already been released by LILIN, as noted by the International Institute of Cyber Security (IICS). Users of affected deployments are recommended to upgrade as soon as possible.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.