More than 500,000 routers in over 50 countries have been infected with malware that originated from Russian sources, says the FBI.
VPNFilter
The malware has infected home and small business routers made by Linksys, Netgear, QNAP, TP-Link and Mikrotik.
The malware has been linked to Russian government hacktivists; Reuters has suggested Ukraine was the likely target of the attack.
How it works
Cisco, which found the malware, said that “The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyber attack operations.”
Essentially, the malware can record any information that passes through the router. It also contains code to destroy the router on command, presumably to prevent the malware from being found.
Once a device is infected, the malware downloads additional code into memory to perform the packet recording. If this download fails, the malware awaits individual commands from the control server.
Recommended action
Cisco initially suggested performing a factory reset on the devices to erase the malware and return to a clean operating system. The FBI later updated this advice to simply reboot the devices. A reboot clears the temporary code out of RAM but leaves the initial malware in place, which will then attempt to re-download the additional components from servers now under the control of the FBI. When this fails, the malware will simply listen for commands from the C&C servers.
The American Justice Department statement.
Precautions
Even if your router is not one of the models listed, it might be a good idea to perform a power cycle (power off, power on) of your device; Cisco has advised that all SOHO (Small Office/Home Office) routers and NAS devices are cycled in this way to disrupt the malware.