Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks

April 8, 2024 at 06:23PM

Attackers target over 92,000 unpatched end-of-life D-Link NAS devices with a critical remote code execution vulnerability. Exploiting a hardcoded account and command injection flaw, threat actors deploy a Mirai malware variant to create botnets for large-scale DDoS attacks. D-Link has ceased support for these devices, advising owners to retire or replace them.

Key takeaways:

– Over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices are actively being targeted by attackers due to a critical remote code execution (RCE) zero-day flaw (CVE-2024-3273).

– The vulnerability allows threat actors to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions.

– D-Link has confirmed that these end-of-life (EOL) NAS devices will not receive security updates, and therefore recommends retiring or replacing them with products that receive firmware updates.

– The affected D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, have already reached their end of service life, and no fixed firmware is available for them. D-Link advises owners to retire and replace these devices.

– D-Link has released a security advisory and created a support page for legacy devices, urging owners to retire or replace the affected devices as soon as possible.

– NAS devices should not be exposed to the internet. Owners who keep using an affected device against D-Link’s recommendation should ensure that it runs the last known firmware.

– The ongoing attacks on vulnerable D-Link NAS devices are using a variant of the Mirai malware to add infected devices to a botnet that can be used in large-scale distributed denial-of-service (DDoS) attacks.

– D-Link also warns that NAS devices are commonly targeted in ransomware attacks to steal or encrypt data.
