Zyxel Firewalls Vulnerable to Helldown Ransomware Attacks

Recent cyberattacks have been targeting Zyxel Firewalls, exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) and Zyxel have issued warnings to organizations to take immediate steps to protect their network devices.

The vulnerability, known as CVE-2024-11667, affects the Zyxel ZLD firmware in the ATP and USG FLEX firewall series. Five German entities have already fallen victim to these attacks, highlighting the risks of leaving such vulnerabilities unpatched.

CVE-2024-11667 is a directory traversal vulnerability in the Zyxel ZLD firmware versions 4.32 to 5.38. This flaw allows attackers to bypass security measures and gain unauthorized access to systems, steal credentials, create backdoor VPN connections, and perform other malicious activities.

Devices running ZLD firmware versions between 4.32 and 5.38 with remote management or SSL VPN enabled are most at risk. It is crucial to note that devices managed through the Nebula cloud management system are not affected by this vulnerability.

The Helldown ransomware, which emerged in August 2024, is now exploiting CVE-2024-11667 to target vulnerable Zyxel firewalls. Derived from the LockBit ransomware builder, Helldown uses advanced techniques to infiltrate networks and encrypt valuable data, disrupting operations.

As of now, Helldown has listed 32 victims worldwide, including five organizations in Germany. The ransomware's use of this vulnerability is especially concerning because patching alone may not be enough: if administrator credentials were stolen before the upgrade and have not been changed, attackers can still log in to an otherwise patched device.

The primary attack vector involves exploiting the CVE-2024-11667 vulnerability to gain initial access to targeted systems. Attackers then use post-exploitation tactics to establish persistent backdoors for continued access, leading to data exfiltration, file encryption, and operational disruptions.

Organizations using Zyxel firewalls should monitor their systems for signs of compromise, such as unusual VPN connections, changes to firewall rules, unauthorized logins, and stolen credentials for Active Directory access.

To mitigate risks, organizations should upgrade to ZLD 5.39, change passwords, remove unauthorized accounts, and tighten security policies. Zyxel recommends disabling unnecessary remote access, changing default ports, enabling two-factor authentication, and using Geo-IP filtering for enhanced security.
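The exposure conditions and mitigation steps above (affected ZLD 4.32 through 5.38, remote management or SSL VPN as the exposed configuration, Nebula-managed devices not affected, upgrade to 5.39, and credential rotation even after patching) can be turned into a repeatable inventory triage. The following is an added example written for this page, not code from Zyxel, CERT-Bund or the article; the inventory records and device names are constructed, and the `Device` fields and `triage` function are assumptions about how an organization might track its firewalls.

```python
"""Inventory triage for the Zyxel ZLD advisory described in the article.

Rules encoded (from the article):
  - ZLD firmware 4.32 through 5.38 is affected by CVE-2024-11667.
  - Devices with remote management or SSL VPN enabled are most at risk.
  - Devices managed through Nebula are not affected.
  - The fix is ZLD 5.39.
  - Patched devices still need administrator credentials rotated, because
    credentials stolen before the upgrade keep working.
All device records below are constructed sample data, not real devices.
"""
from dataclasses import dataclass

AFFECTED_MIN = (4, 32)   # first affected ZLD version per the advisory
AFFECTED_MAX = (5, 38)   # last affected ZLD version per the advisory
FIXED = (5, 39)          # version that resolves the issue


def parse_zld_version(text: str) -> tuple[int, int]:
    """Reduce strings such as 'V5.38(ABUI.0)' or '5.38' to (major, minor).

    The build tag in parentheses is ignored because the advisory scopes the
    affected range by major.minor only.
    """
    core = text.strip().lstrip("Vv").split("(")[0]
    parts = core.split(".")
    if len(parts) < 2:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    return int(parts[0]), int(parts[1])


def version_affected(version: tuple[int, int]) -> bool:
    """True when major.minor falls inside the advisory's affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


@dataclass
class Device:            # hypothetical inventory record (assumed fields)
    name: str
    firmware: str
    remote_mgmt: bool    # WAN-side remote management enabled
    ssl_vpn: bool        # SSL VPN service enabled
    nebula_managed: bool # managed via Nebula cloud
    admin_creds_rotated: bool  # admin passwords changed after patching


def triage(d: Device) -> tuple[str, list[str]]:
    """Return (risk_level, recommended_actions) for one device."""
    version = parse_zld_version(d.firmware)
    if d.nebula_managed:
        return "not_affected", ["Nebula-managed: not affected by CVE-2024-11667"]
    if version_affected(version):
        actions = [f"upgrade ZLD {version[0]}.{version[1]} to 5.39"]
        if d.remote_mgmt:
            actions.append("disable or restrict remote management until patched")
        if d.ssl_vpn:
            actions.append("review SSL VPN accounts and connections for abuse")
        actions.append("rotate admin credentials and remove unauthorized accounts")
        # Exposed services turn a vulnerable device into an immediately reachable one.
        level = "critical" if (d.remote_mgmt or d.ssl_vpn) else "high"
        return level, actions
    if version >= FIXED:
        if not d.admin_creds_rotated:
            return "medium", ["patched, but credentials stolen pre-patch may still work: "
                              "rotate admin passwords and audit accounts/VPN config"]
        return "low", ["patched and credentials rotated: keep monitoring"]
    # Versions older than 4.32 are outside the advisory's stated range.
    return "unknown", ["version outside advisory range: confirm status with vendor"]


def triage_inventory(devices: list[Device]) -> dict[str, str]:
    """Map each device name to its risk level."""
    return {d.name: triage(d)[0] for d in devices}


# Constructed sample inventory covering each branch of the rules.
SAMPLE_INVENTORY = [
    Device("fw-branch-01", "V5.38(ABUI.0)", True, True, False, False),
    Device("fw-branch-02", "V4.32(ABPS.0)", False, False, False, False),
    Device("fw-hq-01", "V5.39(ABUI.0)", True, True, False, False),
    Device("fw-hq-02", "5.39", True, False, False, True),
    Device("fw-cloud-01", "V5.37(ABUI.0)", True, True, True, False),
]

if __name__ == "__main__":
    for dev in SAMPLE_INVENTORY:
        level, actions = triage(dev)
        print(f"{dev.name:14} {dev.firmware:16} {level:12} " + "; ".join(actions))
```

The version comparison deliberately uses tuples rather than floats so that 5.4 is not mistaken for a later release than 5.38; the inclusive bounds match the article's "4.32 to 5.38" wording, and the `medium` branch exists precisely because the article warns that patching without rotating administrator credentials leaves a device exposed.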

Regular backups, encryption, and continuous monitoring are essential for securing systems against ransomware attacks like Helldown. Timely firmware updates and strong access controls are critical in preventing future cyberattacks on network devices.
