VPNFilter Malware Threat Continues To Grow

Posted on June 7, 2018

VPNFilter malware wreaks havoc on routers: check if you’re affected

VPNFilter, a recently discovered malware that attacks routers and switches, is far more dangerous than originally thought.

Cisco Talos, which first posted information about VPNFilter in May, has now updated its blog with new findings about this threat, and the results are not good.

Originally, Cisco Talos said that VPNFilter attacks several brands of home and small office routers — namely Linksys, MikroTik, NETGEAR and TP-Link — as well as QNAP’s NAS devices, with the ability to steal certain types of data and render infected devices unusable.

“In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints,” Cisco Talos wrote in a post dated Wednesday.

The list of routers affected has increased significantly and now includes devices from ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

As for VPNFilter’s newly discovered capabilities, they include bypassing SSL encryption and thus stealing sensitive data, injecting malicious content into normal web traffic, and infecting other devices on the network.

According to Cisco Talos, the malware is mostly active in Ukraine. This is interesting given the recent joint cybersecurity alert by the UK and U.S. authorities, warning of “malicious cyber action” by the Russian government, which is allegedly exploiting vulnerabilities in routers and switches to steal sensitive data.

Even if you’re located outside of Ukraine, it does not mean you’re safe. VPNFilter’s behavior is unpredictable and anyone with an affected device should take measures to protect themselves.

Cisco Talos has a list of affected devices here (scroll down to “Known Affected Devices”), and it’s not a short one. If you have any of the router models on that list, Symantec recommends you reboot it immediately, which will partially get rid of the threat, and then update its firmware, if an update is available. A hard reset of the device should get rid of VPNFilter completely, but it will also reset your configuration details. Note that even if you remove the threat in this way, your router will remain vulnerable to it until a fix is applied.

Link to Original Mashable Article by Stan Schroeder: https://mashable.com/2018/06/07/vpnfilter-router-malware/#wz7ZncuRRaqA