According to Armis Security Resarch, a new variant attack could allow attackers to bypass NATs & Firewalls and reach any unmanaged device within the internal network from the Internet.
NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet.
Summary of new findings
- The new variant to the NAT Slipstreaming attack was discovered by Armis’ researchers, resulting in a combined effort with the original discoverer of the attack, Samy Kamkar (Chief Security Officer & co-founder at Openpath Security Inc.).
- The new attack variant can allow attackers to reach any device within the internal network and simply requires a victim to click on a malicious link.
- Impact of attack on unmanaged devices can be severe, ranging from a nuisance to full-blown ransomware attack.
- Enterprise-grade NATs/firewalls from Fortinet, Cisco and HPE are confirmed to be affected, while others are likely affected as well
- The collaboration resulted in a security disclosure with browser vendors to mitigate the attack
- Google, Apple, Mozilla and Microsoft have released patches to Chrome, Safari, Firefox and Edge, that mitigate the new variant.
- The Armis platform can help identify endpoint devices that are at risk (running unpatched browser versions) and detect exploit attempts of NAT Slipstreaming attacks.
