A new threat which targets a range of routers and network-attached storage (NAS) devices is capable of knocking out infected devices by rendering them unusable.
FBI officials say any owner of small office and home officer routers should reboot their devices, as foreign cyber actors have compromised hundreds of thousands of home and office routers around the world.
In a statement released on the FBI’s Internet Crime Complaint Center (IC3) on Friday, officials say the actors used a malware called VPNFilter to target routers. The malware is able to perform a number of functions, including possible information collection, device exploitation, and blocking network traffic. The malware reportedly targets several manufacturers and network-attacked storage (NAS) devices by at least one manufacturer.
Officials say VPNFilter is able to render routers inoperable, and can potentially collect information passing through the router.
According to Cisco Talos, VPNFilter may have targeted at least 500,000 devices in at least 54 countries, with known affected devices by Linksys, MikroTik, Netgear, and TP-Link. Cisco Talos officials, however, noted that the research is still not complete, but that they shared their findings due to recent events, so that those affected can take appropriate action to defend themselves.
In a statement posted on its website, router manufacturer Netgear said they are aware that the malware might target some of their routers, but said according to their understanding of an investigation conducted by Cisco Talos, the malware targets vulnerabilities for which they have already released firmware fixes.
Meanwhile, TP-Link officials say they are aware the malware targets one of their router models, and are investigating. Meanwhile, they say users of their products should keep their devices updated with the latest firmware, and change their router’s default admin password.
We urge owners of routers to reboot their devices to temporarily disrupt the malware, and help with the potential identification of infected devices. In addition, router owners are advised to consider disabling remote management settings on devices, and secure with strong passwords and encryption when enabled. Also, Network devices should be upgraded to the latest available versions of firmware.
Since VPNFiltere does not exploit any zero-day vulnerability to infect its victims and instead searches for devices still exposed to known vulnerabilities or having default credentials, users are strongly recommended to change default credentials for their devices to prevent against the malware.
Moreover, always put your routers behind a firewall, and turn off remote administration until and unless you really need it.
If your router is by default vulnerable and can’t be updated, it is time you buy a new one. You need to be more vigilant about the security of your smart devices.