Hackers are Still Using NSA Leaks to Attack Unpatched Systems




A year ago, NSA’s most competent hacking tools were abused by the attackers, and though, patches were released to keep the exploit in check, hundreds of thousands of systems were still left unarmed against the attacks. 

Now, the vulnerable configurations of the computers are taken advantage of by the hackers. As per the reports, hackers, equipped with even more advanced methods of attacking, compromised more than 45,000 internet routers.

With NSA’s hacking tools leaked online, it was quite evident that the agency has cemented its place in the arena of developing intelligent hacking tools which can be the detective for all kinds of networked hardware across the globe. 

However, there’s something else that came along with the leak  the advantage that hackers could take and needless to say, they did.

Initially, hackers exploited the vulnerabilities to spread ransomware followed by cryptocurrency mining attacks. Now, researchers suggest that the leaked tools are used by hackers to create an even bigger malicious proxy network.

Cloud service provider, Akamai Technologies evinced that the first spotted UPnProxy vulnerability, which threatened the common Universal Plug and Play network protocol, can now attack unpatched systems behind the router’s firewall.

Referenced from the findings of Akamai on the subject, out of 277,000 vulnerable systems, around 45,000 have already been attacked.

Out of 3.5 million devices that were examined, approximately 80% cent carry a vulnerable version of UPnP, said Akamai.

The hack exposes ports 139 and 445 which open up around 2 million PCs, smartphones, speakers, tabs, robot vacuum cleaners and various other devices linked to the aforementioned routers.

"Victims of this attack will be at the mercy of the attackers, because they'll have machines existing on the internet that were previously segmented, and they'll have no idea this is happening," Akamai mentioned. "Moreover, machines within the network that had a low priority when it came to patches will become easy pickings.”

Now the question which arises is what happens to the infected devices? Well, that is for us to speculate. A first healthy step would be to update your router firmware.

Meanwhile, victims can also try doing a factory reset. However, those who reckon that disabling UPnP is the quick-fix, Seaman argues, “it’s the equivalent of plugging the hole in the boat, but it does nothing to address the water that has made it into your sinking ship.”



Category:

Share this with Your friends: