fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

277,000 Routers Exposed to Eternal Silence Attacks via UPnP

277,000 Routers Exposed to Eternal Silence Attacks via UPnP

A malicious campaign known as ‘Eternal Silence’ is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors.

UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically. This allows remote devices to access a particular software feature or device as necessary, with little configuration required by a user.

However, it is yet another technology that trades convenience for security, especially when the UPnP implementation is potentially vulnerable to attacks allowing remote actors to add UPnP port-forwarding entries via a device’s exposed WAN connection.

Researchers from Akamai have spotted actors abusing this vulnerability to create proxies that hide their malicious operations, calling the attack UPnProxy.

Also Read: New Data Protection Laws Australia: How Implementation Works

Out of 3,500,000 UPnP routers found online, 277,000 are vulnerable to UPnProxy, and 45,113 of them have already been infected by hackers.

A new family of injections

Akamai’s analysts speculate that the actors attempt to exploit EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) on unpatched Windows and Linux systems, respectively.

Leveraging these flaws can lead to an array of potential problems, including resource-consuming cryptominer infections, devastating worm-like attacks that quickly spread to entire corporate networks, or initial access to corporate networks.

The new rulesets defined by the hackers contain the phrase ‘galleta silenciosa’, which is Spanish for ‘silent cookie’.

{"NewProtocol": "TCP", "NewInternalPort": "445", "NewInternalClient": "192.168.10.212",

"NewPortMappingDescription": "galleta silenciosa", "NewExternalPort": "47669"}

The injections attempt to expose TCP ports 139 and 445 on devices connected to the targeted router, roughly 1,700,000 machines running SMB services.

Akamai is unsure about the success rate of this campaign, but observed a systematic approach to the scans, targeting devices that utilize static ports and paths for their UPnP daemons to inject port forwards.

Eternal exploits

Akamai’s analysts speculate that the actors attempt to exploit EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) on unpatched Windows and Linux systems respectively.

Leveraging these flaws can lead to an array of potential problems, including resource-consuming cryptominer infections, devastating worm-like attacks that quickly spread to entire corporate networks, or initial access to corporate networks.

“Because there is a decent possibility that (vulnerable) machines unaffected by the first round of EternalBlue and EternalRed attacks were safe only because they weren’t exposed directly to the internet. They were in a relatively safe harbor living behind the NAT,” explains Akamai’s report

“The EternalSilence attacks remove this implied protection granted by the NAT from the equation entirely, possibly exposing a whole new set of victims to the same old exploits.”

Defending against Eternal Silence

‘Eternal Silence’ is a very cunning attack because it renders the practice of network segmentation ineffective and doesn’t give any indication of what is happening to the victim.

The best way to determine if your devices have been captured is by scanning all endpoints and auditing the NAT table entries.

Also Read: Shred It Singapore For Commercial Document Destruction

There are many ways to do this, but Akamai has conveniently provided this bash script (screenshot below), which can be run against a potentially vulnerable URL.

If you’ve located a device compromised with Eternal Silence, disabling UPnP won’t clear the existing NAT injections. Instead, users will need to reset or flash the device. 

Also, applying the latest firmware update should be a priority as the device vendor may have addressed any UPnP implementation flaws via a security update.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us