New research revealed that operators of the Gafgyt botnet are attempting to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router that was patched back in 2017. Attack attempts have reached thousands per day.
According to the reports, the campaign targets CVE-2017-18368, rated critical with a CVSS score of 9.8 out of 10. The flaw is an unauthenticated command injection bug in the router's Remote System Log forwarding function: the function builds an operating-system command from user-supplied input, so a crafted value lets a remote attacker run arbitrary commands on the device, which is exactly what a botnet needs to recruit it. Zyxel patched the flaw in 2017.
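To make the bug class concrete, the following is an added, constructed example (not Zyxel's firmware code and not taken from any report on this campaign) of how a remote-syslog forwarding setting turns into a command injection, alongside the hardened version and a small check that flags injection attempts in web-server access logs. The daemon name, the `/remote_syslog.cgi` path and the `remote_host` parameter name are assumptions made for the demonstration; `echo` stands in for the real log-forwarding daemon so the script runs on any POSIX system.

```python
"""Command injection in a remote-syslog 'forward to host' setting, illustrated.

Added example: not vendor code. The CGI path, parameter name and daemon
invocation are invented for the demonstration; echo stands in for the daemon.
"""
import ipaddress
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, at most 63 chars per label.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def start_forwarding_vulnerable(remote_host: str) -> str:
    """Vulnerable pattern: the user-supplied host is spliced into a shell command.

    Returns the shell's stdout so the effect of the injected command is visible.
    """
    cmd = f"echo forwarding-logs-to {remote_host}"  # echo stands in for the daemon
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_remote_host(value: str) -> str:
    """Return the value if it is an IP literal or an RFC 1123 hostname; raise otherwise."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if len(value) <= 253 and HOSTNAME_RE.match(value):
        return value
    raise ValueError(f"invalid remote syslog host: {value!r}")


def start_forwarding_hardened(remote_host: str) -> str:
    """Hardened pattern: strict allow-list validation, then exec via argv with no shell.

    Even if validation were bypassed, the argv form passes the whole value as one
    argument, so shell metacharacters are never interpreted.
    """
    host = validate_remote_host(remote_host)
    argv = ["echo", "forwarding-logs-to", host]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def suspicious_requests(access_log_lines, param="remote_host"):
    """Return (line_no, value) for requests whose host parameter is not a valid host.

    `param` is an assumed query-parameter name, not taken from the advisory.
    """
    hits = []
    for n, line in enumerate(access_log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)
        for value in query.get(param, []):
            try:
                validate_remote_host(value)
            except ValueError:
                hits.append((n, value))
    return hits


# A benign-looking host followed by an injected command (the payload is harmless here).
PAYLOAD = "10.0.0.1; echo INJECTED"

# Constructed sample access-log lines, not real traffic; the path is invented.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2023:10:00:00 +0000] '
    '"GET /remote_syslog.cgi?remote_host=10.0.0.5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Aug/2023:10:00:03 +0000] '
    '"GET /remote_syslog.cgi?remote_host=10.0.0.1%3B%20echo%20INJECTED HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Aug/2023:10:00:09 +0000] "GET /index.asp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print("vulnerable:", repr(start_forwarding_vulnerable(PAYLOAD)))
    print("hardened  :", repr(start_forwarding_hardened("10.0.0.5")))
    try:
        start_forwarding_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened  : rejected ->", exc)
    print("log hits  :", suspicious_requests(SAMPLE_LOG))
```

Running the script shows the vulnerable path printing a second line, `INJECTED`, that the caller never asked for, while the hardened path rejects the same value before any process is started. The log check is deliberately narrow (it only looks at the one parameter the feature takes), which keeps false positives low; the two fixes belong together, since validation alone leaves you one regex bug away from the original flaw and argv-only execution alone still lets an attacker pick an arbitrary host.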
The new Gafgyt botnet is still targeting vulnerable routers.
Zyxel previously warned that the new Gafgyt variant can still infect devices running unpatched firmware, and urged users still on outdated firmware to upgrade to the latest version to thwart the botnet operators' takeover attempts.
Unfortunately, researchers have observed an average of 7,000 attack attempts a day since the start of last month, and the volume shows no sign of dropping. They have not yet determined what share of those attempts resulted in a successful compromise, but the activity has remained steady.
CISA also published an advisory earlier this week about the ongoing in-the-wild exploitation of the flaw, after adding it to its Known Exploited Vulnerabilities catalogue.
The agency requires federal organisations to update their Zyxel firmware to the latest version by the end of the month.
Zyxel also updated its security advisory to clarify that the flaw only affects devices running firmware version 7.3.15.0 or older; a P660HN-T1A running the latest firmware, which Zyxel released in 2017 to fix the vulnerability, is not affected by the current attacks.
However, the vendor also noted that the device has reached end-of-life and is no longer supported, so users should migrate to a newer model.
Security researchers note that an infected router may show unstable connectivity, overheating, unresponsiveness, unexpected reboots, configuration changes and atypical network traffic.
For users who believe their router has been infected, the vendor currently recommends performing a factory reset, updating the device firmware and changing the default admin credentials. Note that a factory reset alone does not remove the underlying flaw: a reset device still running vulnerable firmware can simply be reinfected, so the firmware update (or replacement of the end-of-life unit) should be completed before the router is reconnected to the internet.