Akamai Technologies has detected malware that alters configurations on small business routers to open connections to internal networks so hackers can infect previously isolated computers.

Hackers achieve this with a technique known as UPnProxy, which exploits vulnerabilities in the UPnP services installed on older routers to alter the Network Address Translation (NAT) tables.

NAT tables control how IP packets and ports from the router’s internal network are mapped onto a public network such as the Internet. Hackers leverage weaknesses in UPnP services to insert special rules into routers’ NAT tables that allow them to connect to specific ports to gain access to devices and computers located behind the router on the internal network.

With 277,000 routers with vulnerable UPnP services exposed online, hackers can reach an estimated 1.7 million devices behind the routers, according to Akamai.

DataLink advises companies to replace older routers with new ones that do not use a vulnerable UPnP implementation. If this is not feasible, DataLink can help remove the malicious NAT table entries from affected routers.

A long-term solution to deal with this threat – and others that will inevitably follow – would be to deploy a firewall to prevent suspicious traffic from finding its way into your internal networks and systems.

DataLink can source, implement and manage an effective firewall solution to safeguard your business and give you peace of mind.

Contact us today.
(410) 729-0440 | Email