NAT Slipstreaming Eases Attacks on Protected Network Devices


Network-address translation (NAT) slipstreaming is a process of connecting internal network devices to the outside internet which allows multiple devices connected to a router to share a single public IP address. Emerging at the moment is a new version of NAT slipstreaming which provides cybercriminals easy access to devices that are not even connected to the internet.

Before, disconnecting devices from the internet seems to be a safe way to secure your devices from cyberattacks, but it is no longer the case. Through NAT slipstreaming, attackers can simply lure the target into clicking a malicious link. From there, the attacker easily gains access to other endpoints, even unmanaged devices like industrial controllers.

According to researchers, when a victim visits the malicious link, which is an attacker-controlled website, the JavaScript code running will send out traffic to the attacker’s servers which crosses through the network’s NAT/firewall. 

In a demonstration by the cybersecurity company, Armis, they explained that in the new version “attackers fool the NAT in a way that it will create paths to any device on the internal network, and not only to the victim device that clicked on the link.”

Browser patching seems to be an effective mitigation method, experts say.