A Microsoft exploit that was made public last year after being stolen from the National Security Agency has been used by hackers against more than 45,000 Internet routers, researchers said.
Cloud services and content delivery network provider Akamai said in a blog post Thursday that tens of thousands of routers have been compromised by attackers targeting vulnerable implementations of Universal Plug and Play (UPnP), a widely used protocol for automatically detecting devices on a local area network.
Akamai reported that around 8 percent of a pool of 3.5 million devices carried the vulnerable UPnP version.
"The victims of this attack are at the mercy of the attackers because they have machines on the Internet that were previously segmented, and they have no idea this is happening," the company said. "In addition, machines in the network, which had a low priority in patches, to simple selections."
UPnP has a long-standing track record of being compromised by hackers, often by exposing devices on the Internet that should only be visible locally. Akamai reported this summer that UPnP was used by hackers to hide traffic in an "organized and widespread abuse campaign."
The new attack, which exposes ports 139 and 445, uses EternalBlue, an exploit developed for the NSA. The exploit was stolen and then made public by the hacker group Shadow Brokers. It later became part of the WannaCry ransomware attack and the NotPetya wiper attack, which posed as ransomware (fakesomware?) but was only designed to destroy shit.
Two weeks ago, Ars Technica, which first reported on Akamai's research, reported how UPnP was used to create a 100,000-router botnet. The mass infection was discovered by Netlab 360.
Unfortunately, researchers were unable to identify exactly what happened to these 45,000 infected routers. However, the researchers said a successful attack could "create a targeted environment that would open up opportunities for attacks such as ransomware or a permanent footprint on the network."
Attackers can be fended off by properly updating the router's firmware and by disabling UPnP. Akamai also recommends purchasing a new router after the infection. However, if you are cheap, disabling UPnP on an already infected router may not be enough; perform a factory reset, just to be sure.
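To check whether your own router's UPnP mapping table forwards a WAN port to port 139 or 445, the following added example (not from Akamai or the original article) scans port-mapping entries for those two internal ports. It assumes the entries were already read from the router as responses to the standard UPnP `GetGenericPortMappingEntry` action; the sample responses, addresses and port numbers are constructed.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # the two ports the article says the attack exposes

def parse_mapping(soap_xml):
    """Return the New* fields of one GetGenericPortMappingEntryResponse."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def smb_exposures(responses):
    """List (external port, internal client, internal port) for every
    mapping that forwards a WAN port to port 139 or 445 on some host."""
    hits = []
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        internal = int(m.get("NewInternalPort") or 0)
        if internal in SMB_PORTS:
            hits.append((int(m.get("NewExternalPort") or 0),
                         m.get("NewInternalClient", ""), internal))
    return hits

def _sample(ext, client, internal):
    """Build a constructed response; not captured from a real device."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
        f'<NewProtocol>TCP</NewProtocol><NewInternalPort>{internal}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        '<NewPortMappingDescription>constructed</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )

SAMPLES = [
    _sample(8080, "192.168.1.10", 80),     # ordinary forward, ignored
    _sample(28142, "192.168.1.20", 445),   # SMB reachable from the WAN
    _sample(28143, "192.168.1.21", 139),   # NetBIOS reachable from the WAN
]

if __name__ == "__main__":
    for ext, client, internal in smb_exposures(SAMPLES):
        print(f"WAN port {ext} -> {client}:{internal}")
```

Any hit means a machine that should only be visible locally is reachable from the Internet on an SMB or NetBIOS port, which is the condition the article describes.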