“More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable,” Zack Whittaker reports for TechCrunch. “First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.”
“New findings from security giant Akamai say that the previously reported UPnProxy vulnerability, which abuses the common Universal Plug and Play network protocol, can now target unpatched computers behind the router’s firewall,” Whittaker reports. “The injections use two exploits — EternalBlue, a backdoor developed by the National Security Agency to target Windows computers; and its ‘sibling’ exploit EternalRed, used to backdoor Linux devices, found independently by Samba. Where UPnProxy modified the port mapping on a vulnerable router, the Eternal family of exploits target the service ports used by SMB, a common networking protocol used on most computers.”
“Together, Akamai calls the new attack ‘EternalSilence,’ drastically expanding the spread of the proxy network to many more vulnerable devices,” Whittaker reports. “Akamai says more than 45,000 devices are already under the thumb of the massive network — potentially amounting to over a million computers, waiting for commands.”
Read more in the full article here.
MacDailyNews Take: Lovely.