In recent news, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a severe vulnerability in the Ruckus Wireless Admin panel. This vulnerability, known as CVE-2023-25717, allows for remote code execution (RCE) and is currently being actively exploited by a newly discovered DDoS botnet. Although a patch was released in February, many Wi-Fi access point owners have yet to apply the necessary updates. Unfortunately, for those with end-of-life models affected by the issue, no patch is currently available.
Exploitation and Malware:
Attackers are taking advantage of the vulnerability by infecting vulnerable Wi-Fi access points with a strain of malware called AndoryuBot. This malicious software, first identified in February 2023, is delivered through unauthenticated HTTP GET requests. Once compromised, the infected devices are enlisted into a botnet specifically designed to launch Distributed Denial-of-Service (DDoS) attacks.
Capabilities of AndoryuBot:
The AndoryuBot malware possesses a range of DDoS attack modes, including tcp-raw, tcp-socket, tcp-cnc, tcp-handshake, udp-plain, udp-game, udp-ovh, udp-raw, udp-vse, udp-dstat, udp-bypass, and icmp-echo. These attack modes enable cybercriminals to overwhelm targeted systems and disrupt their normal operations.
AndoryuBot's Availability for Rent:
In a concerning development, the operators of the AndoryuBot botnet are now offering their DDoS attack services for rent. This means that individuals with malicious intent can employ the botnet's firepower to launch devastating DDoS attacks. Payments for this service can be made using various methods, including the CashApp mobile payment service or popular cryptocurrencies like XMR, BTC, ETH, and USDT.
Urgent Patching Requirements for Federal Agencies:
To mitigate the risks posed by this critical vulnerability, CISA has set a deadline of June 2nd for U.S. Federal Civilian Executive Branch Agencies (FCEB) to secure their devices against the CVE-2023-25717 RCE bug. This directive aligns with a binding operational directive issued in November 2021, which requires federal agencies to identify and resolve security flaws listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Although the directive focuses primarily on federal agencies, private companies are also strongly advised to address vulnerabilities listed in the KEV catalog, because active exploitation by threat actors exposes both public and private organizations to increased security risks.
Additional Windows Zero-Day Vulnerability:
In addition to the Ruckus Wireless vulnerability, CISA has also instructed federal agencies to patch a Windows zero-day vulnerability (CVE-2023-29336) by May 30th. This particular vulnerability allows attackers to elevate privileges and gain SYSTEM user permissions on compromised Windows systems. While Microsoft has confirmed the exploitation of the Win32k Kernel driver bug, specific details regarding the method of exploitation have not been disclosed at this time.
The recent warning from CISA regarding the critical RCE flaw in Ruckus Wireless APs highlights the urgent need for organizations to address vulnerabilities promptly. By staying proactive in patching systems and following recommended security practices, both public and private entities can mitigate the risks posed by cyber threats and safeguard their networks from potential DDoS attacks and other security breaches.
2023 Secure n Comply(Division of Allied Boston) | Designed and Developed By Peprsoft Inc.