Hackers are opening SMB ports on routers so they can infect PCs with NSA malware

[ Nov 29, 2018 ]

Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.

The technique relies on exploiting vulnerabilities in the UPnP services installed on some routers to alter the device’s NAT (Network Address Translation) tables.

NAT tables are a set of rules that control how IPs and ports from the router’s internal network are mapped onto a superior network segment, usually the Internet.

In April, hackers were using this technique to convert routers into proxies for regular web traffic, but in a report published today, Akamai says it’s seen a new variation of UPnProxy where some clever hackers are leveraging UPnP services to insert special rules into routers’ NAT tables.

Furthermore, Akamai also believes hackers deployed EternalRed, a variant of EternalBlue that can infect Linux systems via Samba, the SMB protocol implementation for Linux.

Cyber Security Tips:

  • In order to recover from or prevent an attack, device owners can either purchase a new router that doesn’t have the UPnP vulnerabilities that enable this type of abuse or ensure that UPnP is disabled if they’re vulnerable.
  • Device owners should also consider rebooting the router itself or possibly flashing the router to the original factory settings and configuring it with UPnP completely disabled.
  • It’s also advisable to check for firmware updates, as some routers may have published fixes for this issue.
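
One way to check a router's UPnP port-mapping table for the kind of rules described above. This is an added example, not code from the article or from Akamai's report. It assumes the table has already been exported as the argument elements of UPnP IGD `GetGenericPortMappingEntry` responses; the sample entries, addresses and descriptions are constructed, and `make_entry` and `audit` are hypothetical helper names.

```python
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # NetBIOS session service, SMB over TCP
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918

def make_entry(ext, proto, client, port, desc, enabled="1"):
    """Build one constructed port-mapping entry (IGD argument names, simplified root)."""
    return (f"<r><NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>"
            f"<NewInternalClient>{client}</NewInternalClient><NewInternalPort>{port}</NewInternalPort>"
            f"<NewEnabled>{enabled}</NewEnabled>"
            f"<NewPortMappingDescription>{desc}</NewPortMappingDescription></r>")

# Constructed sample table: every address, port and description is made up.
SAMPLE = [
    make_entry(51413, "TCP", "192.168.1.20", 51413, "bittorrent"),
    make_entry(47669, "TCP", "192.168.1.35", 445, "sample-445"),
    make_entry(47670, "TCP", "192.168.1.35", 139, "sample-139"),
    make_entry(8080, "TCP", "203.0.113.7", 80, "sample-proxy"),
    make_entry(4450, "TCP", "192.168.1.35", 445, "old rule", enabled="0"),
]

def audit(entries):
    """Return (external_port, internal_client, internal_port, reason) per risky mapping."""
    findings = []
    for xml_text in entries:
        e = ET.fromstring(xml_text)
        if e.findtext("NewEnabled") != "1":
            continue  # disabled rules forward nothing
        ext = int(e.findtext("NewExternalPort"))
        port = int(e.findtext("NewInternalPort"))
        client = e.findtext("NewInternalClient")
        on_lan = any(ipaddress.ip_address(client) in net for net in LAN_NETS)
        if not on_lan:
            # A forward whose target is not a LAN address turns the router into a proxy.
            findings.append((ext, client, port, "forwards outside the LAN (router acts as proxy)"))
        elif port in SMB_PORTS:
            # A WAN-side port mapped to SMB on an internal host exposes that host.
            findings.append((ext, client, port, "exposes SMB on an internal host"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("SUSPICIOUS: WAN port %d -> %s:%d (%s)" % f)
```

Any mapping the owner did not create, and in particular one reported here, is a reason to apply the steps above: disable UPnP, reset the router and update its firmware.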
