Router Malware Attack

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

In Jan, 2023: FortiGuard Labs observed severe IPS detections (peak of up-to 50,000 unique IPS devices) and associated malware activity exploiting older router vulnerabilities. In particular, MooBot and Enemybot Malware targeting D-Link routers (CVE-2015-2051) and Lucifer Malware, BotenaGo Botnet and Zerobot Malware exploiting vulnerabilities on unpatched Dasan GPON home routers (CVE-2018-10562, CVE-2018-10561).

FortiGuard Labs recommends upgrading the vulnerable routers to latest firmware and discontinue using end-of-life products if still in use. FortiGuard labs has already released multiple IPS and AV protections to block such attack attempts for our customers.

In June 2023: FortiGuard observed upto 18,000+ IPS devices that blocked attack attempts affecting some Zyxel CPE models. Zyxel has released firmware updates for RCE and DoS vulnerabilities which does not have assigned CVE number as of now. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-code-execution-and-denial-of-service-vulnerabilities-of-cpe

FortiGuard Labs also observed CVE-2023-26801, a vulnerability affecting LB-LINK devices targeted by the attackers and we see IPS detections of upto 5000+ devices.

With popularity of `Work from Anywhere`, company`s employees can get compromised easily if they are using vulnerable home router devices. Fortinet Zero Trust Access solutions provide continuous verification of all users, devices and checks for device posture as they access corporate applications and data. https://www.fortinet.com/solutions/enterprise-midsize-business/network-access/application-access