Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
2021-01-27 20:32

Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers.

A new version of a known network address translation (NAT) slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if those devices don't have access to the internet.

According to researchers from Armis and Samy Kamkar, chief security officer and co-founder at Openpath Security, attackers can carry out the attack simply by convincing one target on the network who has internet access to click on a malicious link.

In the original NAT slipstreaming attack, revealed and mitigated in November, an attacker persuades a victim to visit a specially crafted website; a victim within an internal network who clicks on the link is then taken to the attacker's website.

The ability to reach devices without human interaction means that attackers can reach not only desktops but also other devices that don't typically have human operators - unmanaged devices like printers, industrial controllers, Bluetooth accessories, IP cameras, sensors, smart lighting and more.

Once the perimeter is breached, attackers are free to exploit and take over vulnerable and open devices, and install remote access tools for further attacks.


News URL

https://threatpost.com/remote-attackers-internal-network-devices-nat-slipstreaming/163400/