Is Your Home or Business Router Safe?

More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday.

The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don’t reveal precisely what happens to the connected devices once they’re exposed, Akamai said the ports—which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed—provide a strong hint of the attackers’ intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play—often abbreviated as UPnP—to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets. In Wednesday’s blog post, the researchers wrote:

Taking current disclosures and events into account, Akamai researchers believe that someone is attempting to compromise millions of machines living behind the vulnerable routers by leveraging the EternalBlue and EternalRed exploits.

Unfortunately, Akamai researchers are not able to see what happens after the injections have occurred; they can only see the injections themselves and not the final payloads that would be directed at the machines exposed. However, a successful attack could yield a target rich environment, opening up the chance for such things as ransomware attacks, or a persistent foothold on the network.

Currently, the 45,113 routers with confirmed injections expose a total of 1.7 million unique machines to the attackers. We’ve reached this conclusion by logging the number of unique IPs exposed per router, and then adding them up. It is difficult to tell if these attempts led to a successful exposure as we don’t know if a machine was assigned that IP at the time of the injection. Additionally, there is no way to tell if EternalBlue or EternalRed was used to successfully compromise the exposed machine. However, if only a fraction of the potentially exposed systems were successfully compromised and fell into the hands of the attackers, the situation would quickly turn from bad to worse.

The new instance, which Akamai researchers have dubbed EternalSilence, injects commands into vulnerable routers that open ports on connected devices. Legitimate injections often include a description such as “Skype.” EternalSilence injections use the description “galleta silenciosa”—“silent cookie/cracker” in Spanish. The injections look like this:

[Image: A sample of EternalSilence injections found on a single router.]

A scourge called UPnP

Wednesday’s post is only the latest piece of concerning news to involve UPnP, a protocol that is designed to make it easy for connected devices to operate by using code that lets them automatically discover each other and open ports needed to connect to the outside Internet. Two weeks ago, a separate team of researchers reported UPnP flaws were exploited to spawn a 100,000-router botnet used to send spam and other types of malicious email. Most if not all of the exploited vulnerabilities have been public knowledge since 2013, when a landmark Internet scan found 81 million IPv4 addresses responded to standard UPnP discovery requests, even though the standard isn’t supposed to communicate with devices that are outside a local network.

EternalBlue is an attack developed and used by the NSA that exploited Server Message Block (SMB) implementations in Vista and all later versions of Windows. In April 2017, a mysterious group calling itself the Shadow Brokers made the attack code available to the world at large. A month later, EternalBlue was folded into WannaCry, a quick-spreading ransomware worm that paralyzed hospitals, shipping companies, and train stations around the globe. A month later, a disk-wiper dubbed NotPetya also used EternalBlue as an engine to self-replicate extremely rapidly.

While fixes for EternalBlue and EternalRed have been in place for more than a year, some organizations have yet to install them. Failing to patch doesn’t automatically mean a network is vulnerable. If ports are adequately restricted, exploits may not be able to spread. Akamai researchers say the new attacks are likely an opportunistic attempt to open devices to attacks they otherwise would be resistant to.

“The goal here isn’t a targeted attack,” they wrote. “It’s an attempt at leveraging tried-and-true off-the-shelf exploits, casting a wide net into a relatively small pond, in the hopes of scooping up a pool of previously inaccessible devices.”

To prevent attacks, people should ensure their routers aren’t vulnerable to UPnP attacks, either by buying new hardware or ensuring their older device is running updated firmware. Once a router has been exploited by UPnProxy, devices should be rebooted or, better yet, reset to their original factory settings to ensure port forwarding injections are cleared. People with compromised routers should also thoroughly inspect connected devices to ensure they haven’t been infected.
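As an added example (not code from the article or from Akamai), the following check inspects the port-mapping table a UPnP router hands out through the IGD WANIPConnection GetGenericPortMappingEntry action and flags the patterns described above: mappings that land on ports 139/445, the “galleta silenciosa” description, and mappings whose target is not a LAN (RFC 1918) address, which is what turns a router into a UPnProxy. The SOAP responses below are constructed samples with made-up values; on a real router you would feed in the entries retrieved from the device instead.

```python
import ipaddress
import xml.etree.ElementTree as ET

IGD_NS = "urn:schemas-upnp-org:service:WANIPConnection:1"
SMB_PORTS = {139, 445}          # the ports EternalBlue / EternalRed need reachable
MARKER = "galleta silenciosa"   # description string used by EternalSilence injections
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of what an IGD returns for GetGenericPortMappingEntry (values made up).
TEMPLATE = ("<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body>"
            "<u:GetGenericPortMappingEntryResponse xmlns:u='" + IGD_NS + "'>"
            "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
            "<NewProtocol>TCP</NewProtocol><NewInternalPort>{iport}</NewInternalPort>"
            "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
            "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
            "<NewLeaseDuration>0</NewLeaseDuration>"
            "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")
SAMPLE_RESPONSES = [
    TEMPLATE.format(ext=61234, iport=61234, client="192.168.1.20", desc="Skype"),  # legitimate
    TEMPLATE.format(ext=47911, iport=445, client="192.168.1.20", desc="galleta silenciosa"),
    TEMPLATE.format(ext=53100, iport=80, client="198.51.100.7", desc=""),  # UPnProxy-style
]

def parse_mapping(soap_xml):
    """Pull the fields of one mapping out of a GetGenericPortMappingEntry response."""
    resp = ET.fromstring(soap_xml).find(".//{%s}GetGenericPortMappingEntryResponse" % IGD_NS)
    field = lambda tag: (resp.findtext(tag) or "").strip()
    return {"ext_port": int(field("NewExternalPort")), "int_port": int(field("NewInternalPort")),
            "int_client": field("NewInternalClient"), "desc": field("NewPortMappingDescription")}

def assess(mapping):
    """Reasons a mapping looks like a UPnProxy / EternalSilence injection (empty list = clean)."""
    reasons = []
    if mapping["int_port"] in SMB_PORTS:
        reasons.append("forwards to SMB port %d" % mapping["int_port"])
    if MARKER in mapping["desc"].lower():
        reasons.append("EternalSilence description marker")
    try:
        addr = ipaddress.ip_address(mapping["int_client"])
        if not any(addr in net for net in LAN_NETS):
            reasons.append("target %s is not on the LAN (router used as proxy)" % addr)
    except ValueError:
        reasons.append("internal client is not an IP address")
    return reasons

def scan(responses):
    """Return (mapping, reasons) for every suspicious entry; clean entries are dropped."""
    results = [(m, assess(m)) for m in map(parse_mapping, responses)]
    return [(m, r) for m, r in results if r]
```

Any entry `scan` reports is a reason to clear the router's port forwarding table (reboot or factory reset, as the article advises) and to inspect the device it points at.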


4 Cyber Security Mistakes Small Business Owners Need to Avoid

Most businesses use the power of technology to communicate with existing customers or as a tool to reach a wider audience. As a business owner, your responsibility is to provide your employees with a safe and secure network.

A recent study shows that nearly 60 percent of business owners polled think that cyber-attacks are getting more sophisticated with each passing year. The amount of collateral damage that can result from one of these attacks can be quite significant.

Rather than waiting until your network is hacked to take action, you need to find ways to secure your network now. Implementing tools such as antivirus software or cybersecurity risk management software can help you identify network vulnerabilities and address them rapidly.

Here are some of the cybersecurity mistakes you need to avoid when trying to keep your small business network functional.

  1. Monitoring User Activity is a Must

Some business owners think that simply having an antivirus program on their network is enough protection to fend off potential hacks. While this type of software can be helpful, you will have to do much more to keep your network safe.

One of the biggest mistakes made by small business owners when it comes to cyber-security is failing to monitor user activity. If there is a security breach, you can find the source much more easily if you are monitoring your employees’ online activities.

Oftentimes, cyber-attacks are initiated through email attachments. Knowing which of your employees opened the email will provide you with the opportunity to reprimand them accordingly.

  2. Failing to Educate Employees About Cyber-Security

Attempting to fend off hackers without the help of your employees will be a futile effort. Educating your employees about things like how to spot a potential phishing scam and what to do if their computer is infected with a virus is crucial.

If you don’t have the time or the experience to provide your team with this information, consulting with IT and cyber-security professionals is a good idea. With their help, you can provide your team with helpful information about how to keep the network safe and virus-free.

  3. Routine Security Testing is Important

Do you feel as if you have a handle on securing your network? While you may feel you have mastered the art of network security, there may still be vulnerabilities that need to be addressed.

The best way to find these vulnerabilities is by routinely running tests on your network. Allowing cyber-security professionals to put your network to the test is a great way to see where changes need to be made.

The methods used by hackers are always evolving, which is why this type of testing is crucial. The cyber-security solutions that worked a few months ago may now be obsolete. Finding out what needs to be updated can help you avoid letting your sensitive information fall into the wrong hands.


  4. You Need a Reactionary Strategy

While most business owners work hard to put the right preventative measures in place regarding their cyber-security, many fail to have a plan in place should these measures fail. Having a reactionary strategy in place can help you get through a cyber-attack with minimal damage.

These reactionary plans should include things like cloud-based backups of your data and a disaster recovery strategy. While developing these plans will take some time, it is worth the energy you invest.

If you are having a problem getting a handle on your network security, now is the time to reach out to professionals for help. Allowing them to weigh in on these important matters can help you avoid mistakes.

Cybersecurity: Friend and Foe

Nearly as many cybersecurity professionals are concerned about the security risks of artificial intelligence (AI) as are convinced that the technology will bolster their cyber defences.

That’s one of the findings of a new report from real-time information specialist, Neustar. The International Cyber Benchmarks Index is published by the Neustar International Security Council (NISC), a group of cybersecurity leaders across industries in the US and EMEA.

According to NISC’s research, 87 percent of security professionals recognise AI’s potential to enhance cybersecurity and bolster their organisation’s defences.

However, 82 percent said they are concerned about the possibility of attackers using the technology against them, with stolen data (50 percent), loss of customer trust (19 percent), unstable business performance (16 percent), and cost implications being the most feared outcomes.

As a result, nearly 60 percent of security leaders are apprehensive about adopting AI within their organisations.

Echoing Deloitte

The findings echo recent research from a better-known organisation, professional services giant Deloitte.

In Deloitte’s survey of 1,100 business leaders with early-stage AI projects, nearly one-third (32 percent) said they have experienced an AI-related data breach in the last two years.

As many as 20 percent of respondents said that they had shelved their AI plans as a result, while twice as many expressed concerns about the legal and regulatory risks of the technology.

“Artificial intelligence has been a major topic of discussion in recent times – with good reason,” said Rodney Joffe, head of NISC and a Neustar senior VP and fellow. “There is immense opportunity available, but as we’ve seen today with this data, we’re at a crossroads.

“Organisations know the benefits, but they are also aware that today’s attackers have unique capabilities to cause destruction with that same technology. As a result, they’ve come to a point where they’re unsure if AI is a friend or foe.”

Internet of Business says

Other key findings from the survey include: Distributed Denial of Service (DDoS) attacks are seen as the biggest threat to organisations, followed by social engineering and phishing, with organised crime and malicious individuals or organisations behind many incidents.

Forty-six percent of organisations were on the receiving end of a DDoS attack in Q3 this year, says NISC, a higher proportion than in previous reporting periods.