NSA hacking tools being used to attack thousands of computers

By Digit NewsDesk | Updated 30 Nov 2018
  • Though fixes for some of these attacks have been available for over a year now, countless computers remain unpatched and vulnerable.

It has been over a year since many of the NSA’s exploits leaked online, and hundreds of thousands of computers remain unpatched and vulnerable to date. These exploits were initially used to spread ransomware and cryptocurrency mining attacks, but now it seems hackers are using the leaked tools to create an even larger malicious proxy network, reports TechCrunch.


Akamai, the American content delivery network, did some digging around and found that the previously reported UPnProxy vulnerability, which misuses the common Universal Plug and Play network protocol, is now capable of targeting unpatched computers behind the router’s firewall. “While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually,” commented Akamai’s Chad Seaman, the author of the report.

The new injection attacks use two exploits: EternalBlue (for Windows computers) and EternalRed (for Linux machines), which are backdoors created by the NSA to target computers. While UPnProxy modified the port mapping on a router that was vulnerable, the two Eternal exploits target the service ports used by SMB, which is a common networking protocol used on most computers. Akamai calls the two exploits EternalSilence collectively.

“The goal here isn’t a targeted attack,” added Seaman. “It’s an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.” The problem is that Eternal-based attacks are hard to detect, so it becomes difficult for administrators to even know whether they have been attacked. Though fixes for the Eternal-based attacks have been around for over a year, many computers remain unpatched and therefore vulnerable. According to Seaman, flashing an affected network router and immediately disabling UPnProxy could solve the issue, but completely replacing the router is always better.
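Since the attack works by changing a router's port mappings to reach SMB behind the NAT, an administrator can review the mapping table for such entries. The script below is an added example, not code from Akamai's report or from this article: it assumes the table has already been read from the router as UPnP `GetGenericPortMappingEntry` responses (the sample entries are constructed), and it goes slightly beyond the SMB case by also flagging mappings that forward to an address outside the RFC 1918 ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # TCP service ports used by SMB
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input: simplified GetGenericPortMappingEntryResponse
# bodies (UPnP IGD field names), one per NAT entry read from a router.
_TEMPLATE = (
    '<u:GetGenericPortMappingEntryResponse'
    ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewExternalPort>{ext}</NewExternalPort><NewProtocol>TCP</NewProtocol>"
    "<NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient>"
    "</u:GetGenericPortMappingEntryResponse>"
)
SAMPLE = [
    _TEMPLATE.format(ext=51413, port=51413, client="192.168.1.20"),
    _TEMPLATE.format(ext=28921, port=445, client="192.168.1.31"),
    _TEMPLATE.format(ext=28922, port=139, client="192.168.1.31"),
    _TEMPLATE.format(ext=8080, port=80, client="203.0.113.7"),
]

def parse_entry(xml_text):
    """Return one port mapping as a dict keyed by a short field name."""
    fields = {child.tag: (child.text or "") for child in ET.fromstring(xml_text)}
    return {
        "external_port": int(fields["NewExternalPort"]),
        "protocol": fields["NewProtocol"],
        "internal_port": int(fields["NewInternalPort"]),
        "internal_client": ipaddress.ip_address(fields["NewInternalClient"]),
    }

def audit(responses):
    """Flag mappings that forward off the LAN or expose SMB on a LAN host."""
    findings = []
    for e in map(parse_entry, responses):
        if not any(e["internal_client"] in net for net in LAN_NETS):
            findings.append(("forwards-outside-lan", e))
        elif e["internal_port"] in SMB_PORTS:
            findings.append(("smb-exposed-to-wan", e))
    return findings

if __name__ == "__main__":
    for reason, e in audit(SAMPLE):
        print(f"{reason}: WAN {e['protocol']}/{e['external_port']} -> "
              f"{e['internal_client']}:{e['internal_port']}")
```

Any flagged entry that no device on the network legitimately requested is a reason to treat the router as affected.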
