A new malware campaign has just been discovered that has already infected more than 45,000 home and small office routers, putting them at hackers’ mercy. The cybercriminals are using malware based on tools stolen from the NSA.
On Thursday, Akamai, a US-based content delivery network and cloud service provider, reported that hackers are exploiting the Universal Plug and Play (UPnP) protocol to access devices hiding behind routers. UPnP is used to automatically recognize devices connected on a local network to improve gaming and media streaming. However, UPnP also has vulnerabilities that cybercriminals have previously exploited.
Back in April, Akamai released a white paper explaining how hackers use UPnP to turn routers into personal proxy servers. However, now hackers have found a new way to install rules in Network Address Translation (NAT) tables, which decide how traffic is sorted from your router to the devices connected to it. They add an entry to the NAT table that they call 'galleta silenciosa' ('silent cookie/cracker' in Spanish).
The silent cookie opens ports which give hackers access to devices that would normally be hidden by your NAT and wouldn’t be visible to other devices on the internet. Once hackers have access to your devices, they are free to install any malware they wish.
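To check a router's own port-mapping table for the entry described above, the following added example (not code from Akamai or from the original article) parses replies to the standard UPnP IGD action GetGenericPortMappingEntry and flags suspicious mappings. The sample replies are constructed, and treating forwards to SMB ports 139 and 445 as suspicious is an assumption made here because EternalBlue is an SMB exploit.

```python
import xml.etree.ElementTree as ET

MARKER = "galleta silenciosa"   # mapping description named in the article
SMB_PORTS = {139, 445}          # assumption: EternalBlue is an SMB exploit

# Constructed reply template for the UPnP IGD action GetGenericPortMappingEntry.
REPLY = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>TCP</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
# Constructed sample table: one ordinary mapping and two suspicious ones.
SAMPLE_REPLIES = [
    REPLY.format(ext=51413, port=51413, client="192.168.1.20", desc="Transmission"),
    REPLY.format(ext=28433, port=445, client="192.168.1.45", desc="Galleta  Silenciosa"),
    REPLY.format(ext=47001, port=139, client="192.168.1.46", desc=""),
]

def parse_mapping(soap_xml):
    """Return the New* fields of one reply as a dict keyed without the prefix."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(replies):
    """Flag mappings carrying the marker description or forwarding to SMB."""
    findings = []
    for reply in replies:
        m = parse_mapping(reply)
        reasons = []
        # Normalise case and whitespace so trivial variations still match.
        desc = " ".join(m.get("PortMappingDescription", "").lower().split())
        if MARKER in desc:
            reasons.append("marker description")
        port = m.get("InternalPort", "")
        if port.isdigit() and int(port) in SMB_PORTS:
            reasons.append("SMB port exposed")
        if reasons:
            findings.append({"external": m.get("ExternalPort"),
                             "internal": f'{m.get("InternalClient")}:{port}',
                             "reasons": reasons})
    return findings
```

A mapping flagged here that no device on the network asked for should be deleted, and UPnP disabled on the router if nothing depends on it.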
Akamai’s researchers confirmed that EternalSilence – which is what they’re calling this attack – has potentially affected 1.7 million devices. It uses a similar technique to EternalBlue (and its Linux sister – EternalRed), an NSA creation used in the massive global WannaCry and NotPetya ransomware attacks.
Check the white paper released by Akamai to make sure that your router isn’t on the list of susceptible devices. Over 50 brands, including major players like ASUS, Logitech, and Netgear, could be susceptible to this attack. If you are worried that your router has been compromised or you are using an infected device, follow these steps and protect yourself from cybercriminals.