Saturday, February 5, 2022

UPnP

The Universal Plug and Play (UPnP) service becomes dangerous when it establishes connections with devices that are infected with malware. Such connections make DDoS attacks possible, and UPnP exploitation can result in more than just the connection of an infected device.

A malicious campaign known as 'Eternal Silence' abuses UPnP to turn your router into a proxy server that is used to launch malicious attacks while hiding the location of the threat actors.

The new rulesets defined by the hackers contain the phrase 'galleta silenciosa', which is Spanish for 'silent cookie'.

{"NewProtocol": "TCP", "NewInternalPort": "445", "NewInternalClient": "192.168.10.212",
"NewPortMappingDescription": "galleta silenciosa", "NewExternalPort": "47669"}

The injections attempt to expose TCP ports 139 and 445 on devices connected to the targeted router, which amounts to roughly 1,700,000 machines running SMB services.
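A defender-side check for this pattern, added here as an example (it is not code from the post or from the campaign analysis): it parses IGD GetGenericPortMappingEntry SOAP responses and flags mappings whose description carries the 'galleta silenciosa' marker or that forward traffic to an internal SMB port. The two responses are constructed samples in the standard WANIPConnection field layout, not captured traffic; fetching the real mappings from a gateway is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {"139", "445"}        # internal ports the campaign exposes (from the post)
MARKER = "galleta silenciosa"     # description string used by the injected rules

# Template for a GetGenericPortMappingEntry response in the WANIPConnection:1 layout.
SOAP_TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>{iport}</NewInternalPort><NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed samples (not captured traffic): the first mirrors the injected rule
# quoted in the post, the second is a benign mapping for comparison.
SAMPLE_RESPONSES = [
    SOAP_TEMPLATE.format(ext="47669", iport="445", client="192.168.10.212", desc="galleta silenciosa"),
    SOAP_TEMPLATE.format(ext="8080", iport="8080", client="192.168.10.5", desc="media server"),
]

def parse_mapping(soap_xml):
    """Flatten one SOAP response into a {NewField: value} dict, ignoring namespaces."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.split("}")[-1]           # strip any '{namespace}' prefix
        if tag.startswith("New"):
            fields[tag] = (el.text or "").strip()
    return fields

def suspicious_reasons(mapping):
    """Return why a mapping looks like an Eternal Silence injection (empty list if clean).
    Accepts the same dict shape as the JSON rule quoted in the post."""
    reasons = []
    if MARKER in mapping.get("NewPortMappingDescription", "").lower():
        reasons.append("description contains the 'galleta silenciosa' marker")
    if mapping.get("NewProtocol", "").upper() == "TCP" and mapping.get("NewInternalPort") in SMB_PORTS:
        reasons.append("forwards WAN traffic to an internal SMB port (139/445)")
    return reasons

def audit(responses):
    """Parse each response and report (external port, internal client:port, reasons) for hits."""
    findings = []
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        reasons = suspicious_reasons(m)
        if reasons:
            findings.append((m["NewExternalPort"], f"{m['NewInternalClient']}:{m['NewInternalPort']}", reasons))
    return findings
```

Running audit(SAMPLE_RESPONSES) reports only the first mapping, for both reasons; any hit is a cue to delete the mapping and look at the internal client it points to.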

As a best practice, installing the latest firmware update should be a priority, since the device vendor may have addressed UPnP implementation flaws in a security update.
