Massive UPnProxy router flaw leaves millions open to hack attacks

UPnProxy vulnerability could expose more than 45,000 routers to exploits linked to EternalBlue

More than 45,000 routers could be open to exploits linked to EternalBlue, the malware developed by the US' National Security Agency (NSA).

According to a blog post by security researchers at Akamai, the UPnProxy exploit targets routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445. This allows the obfuscation and routing of malicious traffic to launch denial of service attacks and spread malware to other devices. This exploit in routers has led to around two million networked devices, such as laptops and smartphones, being open to attack.

Advertisement - Article continues below

"While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually," said Chad Seaman, one of the authors of the report.

The attack relies on two exploits, EternalBlue, a backdoor developed by the NSA to target Windows computers; and its "sibling" exploit EternalRed, used to backdoor Linux devices.

UPnProxy modifies port mapping on a vulnerable router while the Eternal exploits target ports used by SMBs on endpoint devices. Akamai has dubbed the new attack as "EternalSilence". 

Tens of thousands of routers have so far been affected, with millions more in the sights of attackers.

Advertisement
Advertisement - Article continues below

"The goal here isn't a targeted attack. It's an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices," said Seaman.

"This shotgun approach may be working too, because there is a decent possibility that machines unaffected by the first round of EternalBlue and EternalRed attacks (that may have remained unpatched) were safe only because they weren't exposed directly to the internet. They were in a relatively safe harbor living behind the NAT."

Advertisement - Article continues below

While fixes for EternalBlue and EternalRed have been available over a year, millions of devices still remain unpatched and open to attack. 

"Administrators looking to try and gain an edge can scan themselves and see if they're exposed to these vulnerabilities, including scanning their UPnP NAT table to look for oddities. Lastly, perhaps investments into new routers and ensuring their configuration disables UPnP is a better long-term solution," said Seaman.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/business/policy-legislation/356256/uk-invested-about-ps500m-in-wrong-gps-satellites
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020
Visit/mobile/5g/356349/uk-to-remove-huawei-from-5g-networks-imminently
5G

UK to ban Huawei from 5G networks 'within weeks'

6 Jul 2020