Summary
Wapack Labs highly recommends following US government guidelines to any owner of a small business or personal home office routers; to power cycle (reboot) their devices. International bad actors have compromised hundreds of thousands of home and office routers and other networked devices. These bad actors use the VPNFilter malware to target small office and home office routers. This malware is able to perform multiple functions, including potential information collection, device exploitation, and blocking network traffic.
Details
The size and scope of the infrastructure impacted by VPNFilter malware is quite substantial. The malware targets numerous brands of routers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.
Why is this Important?
The VPNFilter is able to attack small office and home office routers and make them inoperable. Also, the malware can potentially collect information passing through the router. Detection and analysis of the malware’s network activity is difficult due to the use of encryption and improper acknowledgement in the networks.
Mitigations
Cyber security experts recommend that any owner of small office and home office routers reboot their devices. Rebooting will temporarily disrupt this malware and aid in the potential identification of infected devices. Router owners are advised to consider disabling the remote management settings on their devices, create better security with strong passwords (a minimum of eight [8] characters and mix up the sequence to include upper and lowercase letters, punctuation, and numbers) and utilize encryption when router is re-activated. Network devices should be upgraded to the latest available versions of firmware.
Comments