EXECUTIVE SUMMARY:

In a year when major global ransomware attacks like WannaCry and Petya stopped business in its tracks, costing billions of dollars, the most basic lesson to be learned is that if you don’t take patching seriously, you’re not paying attention.

Earlier this month, Microsoft issued an emergency patch for Windows, to address a critical vulnerability in its Malware Protection Engine. It was significant because left unpatched, cyberattackers could exploit the vulnerability and take full control of Windows 7, 8, 10, and Windows Server systems. That’s a lot of control in the wrong hands.

Fast forward to today, where a new zero-day vulnerability in the Huawei home router HG532 has been discovered. Already, thousands of attempts to exploit it have been found in the wild, according to Check Point researchers.

To make its router easy to integrate with home and corporate networks, Huawei applies the Universal Plug and Play (UPnP) protocol via the TR-064 technical report standard. TR-064 lets engineers implement changes to the device from within the internal network.

But, researchers found that because of the vulnerability, TR-064 implementation in Huawei devices lets cyberattackers remotely execute malicious code. In fact, researchers spotted OKIRU/SATORI malware being injected in order to build a new variant of the Mirai botnet. With this discovery, researchers alerted Huawei; the technology firm then patched the vulnerability and updated its customers.

The person behind the attempted botnet had been active in hacker forums, to get advice on how to build an attack tool. Which leads to yet another lesson from 2017: Even amateurs can rock the cyber world.

Get the full story at the Check Point blog.