[News] Security vulnerabilities in Zyxel firewall, VPN and other products

Original poster: yoche2000 (Sushi Desu! 在下寿司)   2021-06-25 19:02:07
Original title: Zyxel Firewalls and VPNs Under Active Cyberattack
Security vulnerabilities in Zyxel firewall, VPN and other products
Original link:
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html?m=1
Published: June 25, 2021
(The publication time shown on the original web page/newspaper takes precedence)
Original content:
Taiwanese networking equipment company Zyxel is warning customers of an
ongoing attack targeting a "small subset" of its security products such as
firewall and VPN servers.
Attributing the attacks to a "sophisticated threat actor," the firm noted
that the attacks single out appliances that have remote management or SSL VPN
enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running
on-premise ZLD firmware, implying that the targeted devices are publicly
accessible over the internet.
"The threat actor attempts to access a device through WAN; if successful,
they then bypass authentication and establish SSL VPN tunnels with unknown
user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to
manipulate the device's configuration," Zyxel said in an email message, which
was shared on Twitter.
As of writing, it's not immediately known if the attacks are exploiting
previously known vulnerabilities in Zyxel devices or if they leverage a
zero-day flaw to breach the system. Also unclear is the scale of the attack
and the number of users affected.
To reduce the attack surface, the company is recommending customers to
disable HTTP/HTTPS services from the WAN and implement a list of restricted
geo-IP to enable remote access only from trusted locations.
Earlier this year, Zyxel patched a critical vulnerability in its firmware to
remove a hard-coded user account "zyfwp" (CVE-2020-29583) that could be
abused by an attacker to login with administrative privileges and compromise
the confidentiality, integrity, and availability of the device.
The development comes as enterprise VPNs and other network devices have
become a top target of attackers in a series of campaigns aimed at finding
new avenues into corporate networks, giving the threat actors the ability to
laterally move across the network and gather sensitive intelligence for
espionage and other financially-motivated operations.
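Thoughts/comments: ※ Must be at least 20 characters
Simply put, the ZLD firmware of the USG/ZyWALL, USG FLEX, ATP and VPN products has vulnerabilities.
Because these are networking devices, the vulnerabilities may expose users' internal networks to security risk.
The attack path is from the WAN; it can bypass authentication and establish SSL VPN connections.
There are no specific figures yet for the scope of impact or the number of affected customers.
Zyxel's notification/SOP email to customers: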
https://i.imgur.com/5feF8OD.jpg
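
A defender-side check for the account names quoted in the article, as an added example that is not part of the original post or of Zyxel's notice. It assumes the device's account list has been exported to text with one `username <name> ...` entry per line; that layout, the function names and the sample data are assumptions of this example.

```python
import re

# Account names quoted from Zyxel's notice in the article above.
REPORTED_ACCOUNTS = ("zyxel_slIvpn", "zyxel_ts", "zyxel_vpn_test")
# Hard-coded account removed by the CVE-2020-29583 fix, per the article.
HARDCODED_ACCOUNT = "zyfwp"

# Fold characters that look alike in many fonts (I / l / 1, O / 0), since
# 'zyxel_slIvpn' is easy to misread or re-type with a different glyph.
_FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

# Assumed export layout: "username <name> <anything else>".
USER_LINE = re.compile(r"^\s*username\s+(\S+)", re.IGNORECASE)


def skeleton(name):
    """Case-fold a name and collapse look-alike characters."""
    return name.strip().lower().translate(_FOLD)


def find_suspicious_accounts(text):
    """Return (line number, name found, reported name, match kind) tuples."""
    known = {skeleton(n): n for n in REPORTED_ACCOUNTS + (HARDCODED_ACCOUNT,)}
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USER_LINE.match(line)
        if not m:
            continue
        name = m.group(1)
        ref = known.get(skeleton(name))
        if ref is not None:
            kind = "exact" if name == ref else "variant"
            hits.append((lineno, name, ref, kind))
    return hits


# Constructed sample account list (not taken from a real device).
SAMPLE = """\
username admin user-type admin
username alice user-type user
username zyxel_sllvpn user-type user
username ZYXEL_TS user-type user
username zyxel_vpn_test user-type user
username vpn_test user-type user
"""

if __name__ == "__main__":
    for lineno, name, ref, kind in find_suspicious_accounts(SAMPLE):
        print(f"line {lineno}: {name!r} matches reported account {ref!r} ({kind})")
```
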
Author: a89182a89182 (猪猪肉桂卷)   2021-06-25 19:32:00
An old problem. This time it should take a dive.
