Cybercriminals infected small office and home office routers with the VPNFilter malware. Here is what you need to know about VPNFilter, including what to do if you think your router might be infected.
Routers are easy targets for hackers. These devices connect directly to the Internet, so accessing them takes little effort. Plus, most routers do not include built-in protection against malware. Further, known vulnerabilities in routers are often not patched by users since updating their firmware takes some know-how. Because it is so easy to hack routers, cybercriminals were able to infect a half million of these devices with a malware variant known as VPNFilter.
Here is what you need to know about VPNFilter, including what to do if you think one of your routers might be infected with it.
What You Need to Know
Security researchers at Talos recently discovered that cybercriminals had implanted the VPNFilter malware into networking devices used by small offices and home offices around the world. Devices found to be infected include Linksys, MikroTik, NETGEAR, and TP-Link routers as well as QNAP network-attached storage (NAS) devices.
VPNFilter turned the routers and NAS devices into a giant botnet. Security researchers and law enforcement surmised that the cybercriminals were planning to use the botnet to carry out a cyberattack in Ukraine since some of the code in VPNFilter was found in a malware strain used to cripple Ukraine’s power grid back in December 2015.
Fortunately, in May 2018, the US Federal Bureau of Investigation (FBI) seized the website that the hackers used to control the botnet, crippling their ability to carry out the planned attack. However, the danger is far from over. A half million devices are still infected with VPNFilter. The Talos security researchers found that one of VPNFilter’s code modules would allow cybercriminals to collect any data passing through a router or NAS device, including sensitive data such as passwords. Even worse, they discovered another code module designed to overwrite portions of the devices’ firmware, which would make the devices unusable. The situation is so serious that the FBI issued an alert about what the owners of small office and home office routers should do to protect themselves.
What You Need to Do
Symantec has compiled a list of routers and NAS devices known to be affected by VPNFilter. However, there is no easy way to tell if a device is infected. So, if your device is on Symantec’s list, it is highly recommended that you implement four security measures. Some security experts are even advocating that anyone with a small office router, home office router, or NAS device take these measures, even if their device is not on the list.
Here are the security measures:
Give us a call if you need assistance with implementing any of these measures.