Quote:Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers. A new version of a known network-address translation (NAT) slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if those devices don’t have access to the internet.
According to researchers from Armis and Samy Kamkar, chief security officer and co-founder at Openpath Security, attackers can execute an attack by simply convincing one target with internet access on the network to click on a malicious link. From there, cybercriminals can gain access to other, non-exposed endpoints, including unmanaged devices like industrial controllers, with no further social engineering needed.
NAT is the process of connecting internal network devices to the outside internet; it essentially allows a router to securely allow multiple devices connected to it to share a single public IP address. In enterprise environments, NAT functions are combined with firewalls to provide better perimeter cybersecurity; products from Fortinet, Cisco and HPE all take this approach.
In the original NAT slipstreaming attack, revealed and mitigated in November, an attacker persuades a victim to visit a specially crafted website (via social engineering and other tactics); a victim within an internal network that clicks on it is then taken to an attacker’s website. The website in turn will fool the victim network’s NAT into opening an incoming path (of either a TCP or UDP port) from the internet to the victim device.
“Slipstreaming is easy to exploit as it’s essentially entirely automated and works cross-browser and cross-platform, and it doesn’t require any user interaction other than visiting the victim site,” Kamkar told Threatpost last fall.
Read more: https://threatpost.com/remote-attackers-...ng/163400/
![[-]](https://www.geeks.fyi/images/collapse.png)
