December 16, 2023 at 11:53AM
Akamai’s Security Intelligence Response Team discovered the ‘InfectedSlurs’ botnet exploiting zero-day vulnerabilities in routers and QNAP VioStor NVR devices to enlist them in a DDoS swarm. Two vulnerabilities, CVE-2023-49897 and CVE-2023-47565, were leveraged. Akamai published follow-up reports as security updates became available. Affected users are advised to update firmware, change passwords, and replace end-of-life devices.
The key takeaways are:
– A Mirai-based botnet named ‘InfectedSlurs’ is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR devices to hijack them and add them to its DDoS swarm.
– The botnet, discovered by Akamai’s Security Intelligence Response Team (SIRT), exploited two zero-day vulnerabilities in routers and NVR devices starting in late 2022.
– Akamai initially did not disclose details about the vulnerabilities but later published two follow-up reports to address the gaps in the original report.
– The first zero-day flaw is tracked as CVE-2023-49897 and impacts FXC AE1021 and AE1021PE WiFi routers, with a security update released on December 6, 2023.
– The second zero-day vulnerability is CVE-2023-47565, impacting QNAP VioStor NVR models running QVR firmware 4.x, which was fixed in QVR firmware 5.x and later.
– The InfectedSlurs botnet is inferred to target legacy VioStor NVR models whose firmware was never updated after initial setup. The recommendation is to update the firmware and change user passwords on vulnerable NVR devices.
– VioStor NVR models that have reached end-of-life may not have available updates and should be replaced with newer, actively supported models.
These points summarize the critical information regarding the security vulnerabilities and necessary actions to mitigate the risks associated with the InfectedSlurs botnet.