Zyxel firewalls under active threat from hackers, as warned by CISA and German cyber authorities.
**Breaking News: Helldown Ransomware Attacks Leveraging Zyxel Firewall Vulnerability**
A recent surge in cyberattacks has been linked to the Helldown ransomware, which exploits a path traversal vulnerability (CVE-2024-11667) in Zyxel firewalls. The flaw sits in the web management interface and lets an attacker download or upload files via a crafted URL; it carries a CVSS score of 7.5. File read and write on the firewall itself is what gives the attackers their foothold, and everything that follows builds on it.
CVE-2024-11667 affects Zyxel ZLD firmware versions 5.00 through 5.38 on the ATP, USG FLEX, USG FLEX 50(W) and USG20(W)-VPN series. Most Helldown victims were located in the United States, and the majority were small to medium-sized businesses, although a few larger organizations were also hit.
Once inside, attackers have been observed creating local accounts on the Zyxel firewalls for persistence, downloading the Advanced Port Scanner tool from GitHub to map the internal network, and running Mimikatz to dump credentials from the targeted companies' Active Directory. Antivirus software was also disabled on the targeted networks, clearing the way for the later stages of the intrusion.
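The intrusion chain described above starts with crafted URLs against the firewall's web interface, so a practitioner's first question is whether such requests show up in the logs. The following is an added example, not code from the original article or from Zyxel: a small Python detector that parses Common Log Format access-log lines, percent-decodes each request target (repeatedly, to catch double encoding such as `..%252f`), and flags any path or query parameter that walks above its starting directory. The log lines, hosts and URL paths are constructed for the example; they are not the vulnerable Zyxel endpoint and not taken from any real incident, and the Common Log Format is an assumption (adapt the regex to whatever format your device or reverse proxy actually writes).

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed access-log sample (Common Log Format). Hosts, paths and timestamps
# are made up for this example; the paths are NOT the real vulnerable endpoint.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2024:10:01:02 +0000] "GET /ext-js/login/index.html HTTP/1.1" 200 4321
192.0.2.10 - - [20/Nov/2024:10:01:03 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 812
198.51.100.7 - - [20/Nov/2024:10:01:05 +0000] "GET /webui/files?name=../../../../etc/passwd HTTP/1.1" 200 1802
198.51.100.7 - - [20/Nov/2024:10:01:06 +0000] "GET /images/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 231
198.51.100.7 - - [20/Nov/2024:10:01:07 +0000] "GET /webui/files?name=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1802
203.0.113.5 - - [20/Nov/2024:10:02:00 +0000] "POST /webui/upload?dest=..%5c..%5cvar%5cwww%5cshell.cgi HTTP/1.1" 200 45
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    target: str
    where: str      # "path" or "query:<param>"
    status: int


def decode_fully(value, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded '..%252f' is seen as '../' rather than slipping through."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_root(path):
    """True if the path ever climbs above its starting directory.
    '/docs/a/../b.html' stays inside and is NOT flagged; '/x/../../etc/passwd' is.
    Backslashes are treated as separators so '..\\..\\' is caught too."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def traversal_locations(target):
    """Return where in the request target a traversal occurs (path and/or
    each offending query parameter). Empty list means nothing suspicious."""
    parts = urlsplit(target)
    hits = []
    if escapes_root(decode_fully(parts.path)):
        hits.append("path")
    # parse_qsl decodes one layer; decode_fully handles any further layers.
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        if escapes_root(decode_fully(val)):
            hits.append(f"query:{key}")
    return hits


def scan_log(text):
    """Parse every CLF line and emit one Finding per traversal location."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently misread it
        for where in traversal_locations(m["target"]):
            findings.append(Finding(m["ip"], m["ts"], m["method"],
                                    m["target"], where, int(m["status"])))
    return findings


def suspicious_sources(findings):
    """Group findings by source IP. A 2xx on a traversal request means the
    server served (or accepted) the file; that is the one to escalate first."""
    by_ip = {}
    for f in findings:
        entry = by_ip.setdefault(f.ip, {"attempts": 0, "succeeded": 0})
        entry["attempts"] += 1
        if 200 <= f.status < 300:
            entry["succeeded"] += 1
    return by_ip


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"{f.ts} {f.ip} {f.method} {f.target} -> {f.where} (HTTP {f.status})")
    print(suspicious_sources(hits))
```

Two design points: the detector tracks directory depth instead of grepping for `../`, so a legitimate in-tree `a/../b` is not a false positive while an encoded, backslash or double-encoded climb above the root is caught; and it separates "attempted" from "succeeded" by status code, because on a device exposed to the internet the attempts are constant background noise and the 200s are what should trigger the incident-response playbook (credential rotation, review of local accounts on the firewall, and a look for the follow-on scanning and Mimikatz activity described above).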
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-11667 to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency of addressing this issue.
To mitigate the risk of such attacks, Zyxel Networks is urging users to update their firmware immediately and to change their admin passwords. The password change matters on its own: patching closes the file-access hole, but any credentials an attacker already read from the device remain valid until they are rotated. Other recommended measures include regular patch management, network segmentation, robust monitoring and detection, and strict access controls, starting with not exposing the firewall's management interface to the internet.
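Acting on the update advice at scale starts with knowing which devices sit in the affected range. The following is an added example, not code from the original article or from Zyxel: a Python triage helper that parses Zyxel-style firmware strings and classifies each device against the 5.00 to 5.38 range stated above. The version-string format (`V5.38(ABUI.0)` with the build tag in parentheses), the inventory hostnames and their versions are all assumptions constructed for the example.

```python
import re

# Affected range as stated in the advisory summary above: ZLD 5.00 through 5.38.
AFFECTED_MIN = (5, 0)
AFFECTED_MAX = (5, 38)

# Assumed Zyxel-style version strings such as "V5.38(ABUI.0)": take the leading
# major.minor and ignore the build tag in parentheses.
VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)")


def parse_zld_version(version_str):
    """Return (major, minor) from a firmware string; raise on anything unparseable
    so an odd inventory entry is surfaced rather than silently treated as safe."""
    m = VERSION_RE.match(version_str.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version_str!r}")
    return int(m.group(1)), int(m.group(2))


def classify(version_str):
    """Classify one firmware version against the advisory's affected range."""
    v = parse_zld_version(version_str)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v > AFFECTED_MAX:
        return "above-affected-range"
    # Older trains are outside the stated range but may be end-of-life; the
    # article notes some victims ran end-of-life firmware, so treat as "verify".
    return "below-affected-range"


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "fw-branch-01": "V5.38(ABUI.0)",
    "fw-branch-02": "V5.39(ABUI.0)",
    "fw-hq-edge":   "V5.21(ABPS.7)",
    "fw-legacy":    "V4.73(ABUI.2)",
}


def triage(inventory):
    """Map every device to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


def needs_action(inventory):
    """Devices to patch now, plus devices whose support status must be checked."""
    result = triage(inventory)
    return {
        "patch_now": sorted(h for h, c in result.items() if c == "affected"),
        "verify_support": sorted(h for h, c in result.items() if c == "below-affected-range"),
    }


if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:16} {verdict}")
    print(needs_action(INVENTORY))
```

"Above the affected range" is deliberately not labelled "safe": the classification only says the device is outside the range the advisory names, and a device that was exposed while still on 5.38 still needs its admin credentials rotated and its local accounts reviewed after the upgrade.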
German officials have likewise warned that this vulnerability in Zyxel firewalls is being exploited to deploy Helldown ransomware. The ransomware was first observed in August 2024 and had named about 32 victims on its leak site before the site became inaccessible on Nov. 21. Some victims were running end-of-life Zyxel firewalls, while others were on recent models with supported firmware, so the problem is not limited to unsupported hardware.
By understanding these general tactics and implementing robust defensive strategies, organizations can better protect themselves against such cyber threats. Stay vigilant and keep your systems updated.
- Helldown ransomware operators are using a path traversal vulnerability (CVE-2024-11667) in the web management interface of Zyxel firewalls to read and write files on the device, which gives them their initial foothold.
- After that foothold, the attackers add local accounts on the firewall, download Advanced Port Scanner from GitHub to map the network, disable antivirus, and run Mimikatz against Active Directory; CISA has listed the CVE as a known exploited vulnerability.
- The immediate fixes are to update the Zyxel firmware and change admin passwords; regular patch management, network segmentation, robust monitoring and detection, and strict access controls reduce the blast radius of the next such flaw.