Security News > 2021 > January > New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research.
Detailed by enterprise IoT security firm Armis, the new attack builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet.
First disclosed by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim's device, even those that were protected by a firewall or NAT. Although partial mitigations were released on November 11 to thwart the attack in Chrome 87, Firefox 84, and Safari by preventing connections on port 5060 or 5061, Armis researchers Ben Seri and Gregory Vishnipolsky revealed that "NAT Slipstreaming 2.0" puts "Embedded, unmanaged, devices at greater risk, by allowing attackers to expose devices located on internal networks, directly to the Internet."
"Using the new variant of the NAT Slipstreaming attack to access these types of interfaces from the Internet, can result in attacks that range from a nuisance to a sophisticated ransomware threat," the researchers said.
Google, Apple, Mozilla, and Microsoft have all released patches to Chrome, Safari, Firefox, and Edge browsers to address the new attack.
NAT Slipstreaming 2.0 is similar to the aforementioned attack in that it uses the same approach but relies on H.323 VoIP protocol instead of SIP to send multiple fetch requests to the attacker's server on H.323 port, thereby allowing the attacker to iterate through a range of IP addresses and ports, and opening each one of them to the Internet.
News URL
Related news
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)