Security Incident Alert!

Security Incident Alert! Zyxel Firewall & Routers

If your network uses Zyxel routers or VPN devices, you want to be aware of possible security incidents. Take the steps needed to protect your company and your assets from any security breaches. The good news is, even if you have fallen victim to a security incident, there are a few things you can do to protect your networks and get back online. Once Zyxel identified the security threat, they did a good job in stepping up and finding patches to fix the issue. Do not fret if you find yourself the victim of a security incident.

Does your network use Zyxel routers or VPN devices?

Zyxel has reported a lot of exploitation of its routers and VPN devices. The manufacturer is aware of the exploitation and is cautioning its customers. Zyxel has announced that the organizations being targeted are the ones using the Zyxel Unified Security Gateway (USG) and ZyWALL, which is the USG FLEX combined firewall and VPN gateway. If you use any of those products, you might want to make sure your systems are protected from security vulnerabilities.

Be aware that attackers seem to be using hardcoded accounts to access devices remotely, meaning they do not have to be anywhere near your network to do serious damage. They can be across the world and still potentially connect over VPN and hack your system. You need firewall protections in place to keep attackers out.

What are the Symptoms of an Attack?

According to Zyxel, you might have trouble accessing the VPN, or see routing, traffic, and login issues. If your network is experiencing slowness or you are having unforeseen password problems, that could also mean your network has been affected.

The bottom line is, if your computer and your systems are acting slowly and differently than usual, you might want to stop and check if your security system has been breached. Computer attacks affect systems in all sorts of ways, from password problems to connectivity slowness to even breaching your files. You want to get help immediately as the sooner you act to get your IT system protected the less damage a security incident will cause to your network. To keep the incident as isolated as possible, you will want to take measures to shut down the incident and protect your firewall.

What happens after an Attack?

After your systems are attacked, Zyxel states that perpetrators often use credentials to bypass authentication. This then lets them establish SSL VPN tunnels with existing or newly created user accounts, which could cause a lot of damage within your network. Anytime someone can bypass authentication and get into your network, your system is exposed in ways that could leave all your data and information out in the open.

While your systems are going to be vulnerable and you run the risk of your data being hacked, there are steps you can take and patches you can install to get your information protected again.

What does a Hacker do with your information?

The good news is Zyxel has been working with a team of third-party security researchers to figure out exactly what happens to your information after a hack. They determined that the attackers could use a variety of different attack vectors, which could include:

  • They might be using user credentials that they obtained by exploiting an earlier vulnerability. Zyxel put out patches for previous security incidents, but in some cases the threat actors continued to use real log-in credentials that they obtained in those incidents. In some cases, they also created new valid log-in credentials, which they could use once they had hacked in and stolen the original log-ins.
  • There are also some new authentication bypass vulnerabilities that you might be exposed to. In some cases, old patches did not work to safeguard information and an adversary could still gain access to all your data and files.

Unfortunately, there is a wide variety of adverse ways hackers can hurt your company if your system is hacked. For that reason, you want to take immediate measures to safeguard information.

What should you do if you have an Attack?

One of the best things you can do, either as a preventative measure or after a security incident, is to delete all unknown admin and user accounts. Clean up your system so you don’t leave yourself exposed or vulnerable to a security incident. You can also consider installing some firmware patches. The nice thing is you should be able to install these patches by yourself and instantly shore up your networks to protect against security incidents.
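
One way to find the unknown accounts mentioned above, and any SSL VPN logins made with them, is to compare what the device reports against a list of accounts you know you created. This is an added example, not Zyxel's tooling or code from the original article; the account names, record layouts, dates and addresses are all constructed for illustration.

```python
"""Audit a firewall's account list and SSL VPN logins against an approved baseline.
All names, field layouts and sample records below are constructed for illustration."""
from datetime import datetime

# Accounts your team knowingly created (assumption: you keep this list off-device).
APPROVED = {"admin": "admin", "jsmith": "user", "mlee": "user"}

# Constructed sample: accounts exported from the device as (name, role, created).
ACCOUNTS = [
    ("admin", "admin", "2020-03-01"),
    ("jsmith", "user", "2020-03-04"),
    ("mlee", "admin", "2020-05-11"),      # role differs from the baseline
    ("support2", "admin", "2021-06-20"),  # not in the baseline at all
]

# Constructed sample: SSL VPN login events as (timestamp, account, source IP).
VPN_LOGINS = [
    ("2021-06-21T08:30:00", "jsmith", "198.51.100.7"),
    ("2021-06-21T02:14:00", "support2", "203.0.113.45"),
]

def audit_accounts(accounts, approved):
    """Return findings for accounts that are unknown or hold an unexpected role."""
    findings = []
    for name, role, created in accounts:
        if name not in approved:
            findings.append((name, f"unknown {role} account created {created}"))
        elif approved[name] != role:
            findings.append((name, f"role is {role}, baseline says {approved[name]}"))
    return findings

def audit_vpn_logins(logins, approved):
    """Return SSL VPN logins made by accounts that are not in the baseline, oldest first."""
    hits = []
    for ts, name, src in logins:
        if name not in approved:
            hits.append((datetime.fromisoformat(ts), name, src))
    return sorted(hits)

def report(accounts=ACCOUNTS, logins=VPN_LOGINS, approved=APPROVED):
    """Combine both checks into printable lines, account findings first."""
    lines = [f"ACCOUNT {n}: {why}" for n, why in audit_accounts(accounts, approved)]
    lines += [f"VPN {ts.isoformat()} {n} from {src}"
              for ts, n, src in audit_vpn_logins(logins, approved)]
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

An account that appears in the findings and has also logged in over SSL VPN is the first one to disable and investigate before you delete it.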

What kind of firmware patches are available? Zyxel has actually gone ahead and come out with a variety of standard firmware patches, which are the best solution for any system that has been affected. Within the patches, you will also find some other security enhancements. Zyxel came up with these when they took into consideration the feedback offered by its users. They also listened to security experts who provided professional insight as to how to better improve security.

While the firmware patches are the quickest, safest, and easiest way to protect yourself from an attack and to prevent an attack, they are not always the easiest to install. For that reason, you might want an IT security team to work on your behalf.

More Information

IT security is a big deal and there are a lot of security incidents that could slow down your company. Reach out and contact us today for any questions about IT security. We have seen and done it all when it comes to protecting your networks from viruses and security vulnerabilities. We are here for you from the most basic question to the most complicated IT security defense! If you are not comfortable installing a firmware patch on your own, our team can help you every step of the way to make sure your networks are secure.