277K Vulnerable Routers Expose 1.7 Million Devices to EternalSilence SMB Attacks

[silversurfer]

Around 45,000 routers were compromised using a UPnP NAT injection attack which targets SMB services according to an Akamai SITR report.

The attackers use a malicious proxy system dubbed UPnProxy which previously was employed by bad actors at the beginning of 2018 to route traffic in spam, click fraud, DDoS, or phishing campaigns.

On November 7, Akamai's researchers discovered that the UPnProxy vulnerability which affects around 277,000 devices out of a total of 3.5 million potential victims was already used to compromise roughly 45,000 routers in an extensive campaign.

However, this time, Akamai's research found that the threat group behind the UPnProxy campaign is using a previously theoretical attack which would allow attackers to exploit computers behind compromised Internet routers.

The new type of attacks utilizes a family of injections named EternalSilence which expose the 139 and 445 TCP ports to the Internet on router-shielded devices and are believed to employ NSA leaked Eternal exploits to compromise their targets.

"Currently, the 45,113 routers with confirmed injections expose a total of 1.7 million unique machines to the attackers," said Akamai in their analysis. "We've reached this conclusion by logging the number of unique IPs exposed per router, and then added them up."

Source: https://news.softpedia.com/news/277k-rou...4037.shtml