The New York Times – F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware: “Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies…”
- See also additional critical information on this cyber-attack via Symantec [h/t Pete Weiss]: VPNFilter: New Router Malware with Destructive Capabilities: “A new threat which targets a range of routers and network-attached storage (NAS) devices is capable of knocking out infected devices by rendering them unusable. The malware, known as VPNFilter, is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot. VPNFilter has a range of capabilities including spying on traffic being routed through the device. Its creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications…To date, VPNFilter is known to be capable of infecting enterprise and small office/home office routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices [note – you no doubt have a router manufactured by one of the aforementioned companies]…”
- See also The Register – “Vendor responses to VPNFilter so far include:
- Netgear said users should install the latest firmware for their devices, change the default admin password, and turn off remote management;
- MikroTik said the March 2017 version of its operating system disables the malware, and provided instructions about securing its devices;
- QNAP said suitable firmware has existed since last year, and reminded users to change the default admin password; and
- TP-Link said VPNFilter only affected its TP-R600VPN router, and linked users to firmware and security instructions…”
Sorry, comments are closed for this post.