New Malware Threat Targets Internet Routers

A new malware called VPNFilter has managed to infect over 500,000 routers around the world.

“The Federal Bureau of Investigation warned consumers to reboot their Internet routers and install new software patches, to fight a nasty new malware attack called VPNFilter that has so far infected about half a million devices in more than 50 countries, including the United States.  VPNFilter can be used to steal data, or to order routers to “self-destruct,” knocking thousands of Internet-connected devices offline.” 1

Routers are among the standard technical devices at home and at work, but how many of us know how to update their software without the help of a technical person? You would have to look up the brand of the router and its model and serial numbers, know the default password, log on to its internal control software and download a patch from the company’s website. To some of us, that’s no problem; to most of us, it’s not only confusing but anxiety-provoking.

VPNFilter malware is a threat, and it can wreak havoc. It can steal critical files from infected machines, or disable the router and knock thousands of computers offline. The FBI is working with researchers from Talos Intelligence Group, and they have traced the infection back to a group that appears to be linked to Russia’s military intelligence service.

The latest attack via VPNFilter is an especially bad one, since it not only prevents devices from connecting to the internet but can also be used for stealing passwords and monitoring internet activity. However, it seems that the attack has been planned for a while now, and both UK and US officials have been warning people that Russian hackers might plan something like this. The FBI used a court order to seize this Internet address and take it offline. Still, thousands of routers remain infected, including an unknown number in the United States.

So far, the only thing people can do to avoid becoming victims of the malware is to reset their routers. Returning them to the factory defaults and updating them is the only way to ensure that the malware is removed from the device.

“The FBI is urging Internet service providers Comcast Corp. and Verizon Communications Inc. and others to check whether their hardware is vulnerable, and work with customers on updating their routers.  Routers by Linksys, MikroTik, Netgear, and TP-Link are affected, as are big external hard drives made by a company called Qnap.  Merely rebooting the routers will wipe much of the toxic code from memory.  But a portion survives, and it will reinstall the malware when the device powers up.  The only sure cure is a software patch for each vulnerable device.” 2

“No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.” 3

Some of the products will handle the update automatically, but as a consumer you need to be aware and be able to patch your router.

Don’t leave your networks open to hackers. As we connect other digital devices to our home networks (audio speakers, thermostats, security systems, etc.), they all need regular software updates if you want to remain safe. Spending the time on each device and being proactive is better than having to deal with it in a crisis.


1 + 2:  The Boston Globe, May 24, 2018
3:   Talos Intelligence
US Department of Justice
Security Global 24