The UPnProxy vulnerability that was used more than a year ago as a National Security Agency (NSA) hacking tool remains unpatched on hundreds of thousands of computers.
TechCrunch, citing new findings from security giant Akamai, reported that the vulnerability has already been used to spread ransomware and was behind cryptocurrency attacks. It is now being used to target unpatched computers that sit behind the router’s firewall at companies. What’s more, according to the report, Akamai said the hackers are using more powerful exploits to get through the router and infect individual computers connected to the network. That has the potential to create more damage if many individual computers within a company are targeted. That, noted the report, gives hackers more devices they can target and makes the infected network stronger.
“While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually,” Akamai’s Chad Seaman said in a report, according to TechCrunch. The report noted that hackers are using two exploits developed by the National Security Agency: EternalBlue, a backdoor aimed at targeting Windows computers, and EternalRed, which is used to get into Linux devices. Combined, Akamai is calling the new attack EternalSilence, noted TechCrunch.
According to Akamai, more than 45,000 devices are already part of the hackers’ network, which could amount to more than a million computers that are waiting for commands from the hackers. “The goal here isn’t a targeted attack,” said Seaman in the report covered by TechCrunch. “It’s an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.” Akamai said disabling UPnP could fix the issue, but the Akamai researcher said he thinks the routers should be replaced.