NSA hacking tools being used to attack thousands of computers

By Digit NewsDesk | Published on 30 Nov 2018
HIGHLIGHTS

Though fixes for some of these attacks have been available for over a year now, countless computers remain unpatched and vulnerable.

It’s been over a year since many of the NSA’s exploits leaked online, and hundreds of thousands of computers remain unpatched and vulnerable to date. These exploits were initially used to spread ransomware and cryptocurrency mining attacks, but now it seems hackers are using the leaked tools to create an even larger malicious proxy network, reports TechCrunch.

Akamai, the American content delivery network, did some digging around and found that the previously reported UPnProxy vulnerability, which misuses the common Universal Plug and Play network protocol, is now capable of targeting unpatched computers behind the router’s firewall. “While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually,” commented Akamai’s Chad Seaman, the author of the report.

The new injection attacks use two exploits: EternalBlue (for Windows computers) and EternalRed (for Linux machines), which are backdoors created by the NSA to target computers. While UPnProxy modified the port mapping on a router that was vulnerable, the two Eternal exploits target the service ports used by SMB, which is a common networking protocol used on most computers. Akamai calls the two exploits EternalSilence collectively.

“The goal here isn’t a targeted attack,” added Seaman. “It’s an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.” The problem is that Eternal-based attacks are hard to detect, so it is difficult for administrators to even know whether they have been attacked. Though fixes for the Eternal-based attacks have been around for over a year, many computers remain unpatched and therefore vulnerable. According to Seaman, flashing an affected network router and immediately disabling UPnProxy could solve the issue, but completely replacing the router is always better.
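One way an administrator could check a router for the kind of port mapping described above, as an added example that is not from Digit or Akamai: it parses UPnP IGD `GetGenericPortMappingEntry` responses and flags enabled TCP forwards to the SMB ports (139 and 445) on LAN hosts. The sample responses, addresses and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # TCP ports SMB listens on (NetBIOS session, direct SMB)
REQUIRED = ("NewExternalPort", "NewProtocol", "NewInternalPort",
            "NewInternalClient", "NewEnabled")

def parse_mapping(soap_body):
    """Turn one GetGenericPortMappingEntryResponse element into a dict."""
    values = {c.tag: (c.text or "").strip() for c in ET.fromstring(soap_body)}
    missing = [f for f in REQUIRED if f not in values]
    if missing:
        raise ValueError(f"incomplete mapping entry, missing {missing}")
    return values

def exposes_smb(m):
    """True when an enabled TCP mapping forwards WAN traffic to SMB on a LAN host."""
    try:
        lan_host = ipaddress.ip_address(m["NewInternalClient"]).is_private
        port = int(m["NewInternalPort"])
    except ValueError:
        return False  # malformed entry: review by hand rather than guess
    return (m["NewEnabled"] == "1" and m["NewProtocol"].upper() == "TCP"
            and lan_host and port in SMB_PORTS)

def audit(soap_bodies):
    """Return (external_port, internal_client, internal_port) per risky mapping."""
    hits = []
    for m in map(parse_mapping, soap_bodies):
        if exposes_smb(m):
            hits.append((int(m["NewExternalPort"]), m["NewInternalClient"],
                         int(m["NewInternalPort"])))
    return hits

def _sample(ext, proto, host, port, enabled):
    # Constructed test data shaped like a UPnP IGD response; not captured traffic.
    return ('<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'<NewRemoteHost/><NewExternalPort>{ext}</NewExternalPort>'
            f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>'
            f'<NewInternalClient>{host}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>'
            '<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>')

SAMPLES = [_sample(51413, "UDP", "192.168.1.20", 51413, 1),  # ordinary mapping
           _sample(28183, "TCP", "192.168.1.34", 445, 1),    # SMB exposed
           _sample(28184, "TCP", "192.168.1.34", 139, 1),    # NetBIOS/SMB exposed
           _sample(8445, "TCP", "192.168.1.50", 445, 0)]     # disabled entry

for ext, host, port in audit(SAMPLES):
    print(f"WAN port {ext} -> {host}:{port}: SMB reachable from outside the NAT")
```

A mapping flagged here means a LAN machine's SMB service is reachable through the router, so that host should be checked for the SMB patches as well as removing the mapping.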
