Denmark’s Energy Infrastructure Pwned Via Zyxel Zero Day

Denmark’s non-profit SektorCERT has reported on the nation’s largest cyber incident on record: in May, attackers gained access to the systems of 22 Danish companies that oversee various components of the country’s energy infrastructure by exploiting a zero-day vulnerability in widely used Zyxel firewalls.
Unfortunately, many of the observed attacks were possible because the companies had not updated their firewalls. They had opted out of the software update because:

  • There was a charge for installation  
  • It was assumed the ‘new’ Zyxel firewall was the latest update
  • It was believed Zyxel was responsible for implementing the updates

11 companies were “immediately” and simultaneously compromised, allowing the attackers to take control of the firewalls and reach the critical infrastructure behind them. Because the attacks happened at the same time, none of the energy companies could warn the others in advance.

Several of the breached companies avoided significant impact by disconnecting from the local or national power networks.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “It comes as no surprise to see this attack linked to a Russian military group such as VooDoo Bear, as many European countries that have supported Ukraine have become targets, especially in the energy sector. With eyes now turned to the Middle East, we may see even more aggressive and increasingly sophisticated attacks on the Ukraine and its allies, as the Russians perhaps see support from the West potentially wavering or at least seeing signs of fatigue.

   “Another takeaway from this incident is the short-sighted decision making that led to critical infrastructure providers not patching a known zero-day vulnerability in the Zyxel firewalls.”

Dave Ratner, CEO, HYAS, adds:

   “Bad actors will build their own databases of which organization utilizes which suppliers, so that when a new zero-day vulnerability becomes known they can strike almost instantaneously. Staying current on patches is of course always recommended; however, even this may not be enough if the criminals exploit the zero-day first. It’s just one more reason to implement an operational resiliency strategy and ensure a complete security-in-layers approach.”

Really, in 2023 there should be no excuse for not being proactive about updates. As this example illustrates, bad things will happen to those who don’t update all the things.
