
Hackers Are Exploiting Home And Small Office Routers 

December 14, 2018 | June 2nd, 2022 | Cybersecurity

Akamai has discovered a nasty new hack that lets cybercriminals move beyond simply compromising routers and, in some instances, use the compromised routers to take control of other machines sitting behind them on your network.

The hack, known as UPnProxy, exploits weaknesses in the design of the UPnP services installed on many routers, allowing hackers to alter the router’s Network Address Translation (NAT) tables.

These tables are essentially a set of codified rules that control how ports and IPs from the router’s internal network are mapped out onto a larger network segment, most commonly, the internet itself.

When the exploit was first discovered back in April, it was being used to slave routers, converting them into proxies for regular web traffic. However, according to Akamai, there’s a new variant of the UPnProxy attack that allows hackers to insert their own rules into the NAT tables of routers.

In addition to slaving the router as described above, the new rules allow a hacker outside your network to connect to the SMB ports of computers and other devices located behind the router, inside your company’s network.

According to Akamai’s estimates, there are some 277,000 routers that have UPnP services exposed online that are vulnerable to the exploit. More than 45,000 of these have already been modified in the most recent campaign discovered by the company.

A spokesman for Akamai had this to say about their recent discovery:

“Recent scans suggest that these attackers are being opportunistic.  The goal here isn’t a targeted attack.  It’s an attempt at leveraging tried and true off the shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.”

Fortunately, as part of the White Paper Akamai published about the attack, they also included instructions for how to remove malicious NAT table entries from impacted routers.  It’s well worth the read.
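As an added example (not from this article or from Akamai's white paper), the sketch below audits a router's UPnP port-mapping table for the two kinds of rules described above: a WAN port forwarded to SMB, and a mapping whose internal client lies outside the LAN, which is how a router used as a proxy would appear. The field names are the standard output arguments of the UPnP `GetGenericPortMappingEntry` action; the LAN subnet and the sample responses are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: your internal subnet

def _resp(ext, proto, iport, client, desc):  # constructed response, not a capture
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{iport}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )

SAMPLE_RESPONSES = [  # constructed entries for illustration
    _resp(51413, "UDP", 51413, "192.168.1.20", "constructed: desktop app"),
    _resp(47001, "TCP", 445, "192.168.1.35", "constructed: entry A"),
    _resp(47002, "TCP", 80, "203.0.113.9", "constructed: entry B"),
]

def parse_mapping(xml_text):
    """Extract the New* output arguments from one SOAP response."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if tag.startswith("New"):
            fields[tag] = (el.text or "").strip()
    return fields

def findings(m):
    """Return the reasons a mapping needs review; an empty list means none."""
    reasons = []
    if int(m["NewInternalPort"]) in SMB_PORTS:
        reasons.append("forwards a WAN port to SMB")
    try:
        if ipaddress.ip_address(m["NewInternalClient"]) not in LAN:
            reasons.append("internal client is outside the LAN")
    except ValueError:
        reasons.append("internal client is not an IP address")
    return reasons

def audit(responses):
    """Return (external_port, internal_client, reasons) per flagged mapping."""
    parsed = [parse_mapping(r) for r in responses]
    return [(int(m["NewExternalPort"]), m["NewInternalClient"], findings(m))
            for m in parsed if findings(m)]
```

Feed `audit()` the responses collected from your own router's LAN-side UPnP service; any flagged mapping that no device on the network legitimately requested is a candidate for removal.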

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.