A recent bulletin from the U.S. Department of Homeland Security warns that your router could be vulnerable to cyberattacks.
This isn’t a rehash of last fall’s spate of firmware upgrades after the discovery of a vulnerability that would allow attackers to access private information or launch distributed denial-of-service (DDoS) attacks. We’re talking about an entirely new threat.
Advanced and possibly state-sponsored cybercriminals have compromised home and office routers and other networked devices including Internet of Things (IoT) and network-attached storage (NAS) devices all over the world using malware called VPNFilter.
Cybersecurity firm Talos estimates that at least 500,000 devices in at least 54 countries have been affected. The routers known to be vulnerable to the VPNFilter malware are made by Linksys, MikroTik, NETGEAR, and TP-Link. QNAP network-attached storage devices are also vulnerable. But just because your device’s brand isn’t mentioned here doesn’t mean you’re safe; research is still going on and other devices may be infected as well. Most of the targeted devices, particularly older ones, have publicly known exploits or default credentials that make them particularly easy to compromise.
What happens if a networking device is infected by the VPNFilter malware?
It can collect information such as credit card details or other sensitive data. It can “brick” a router or IoT device. It can co-opt routers and NAS devices so they can be used to conduct malicious activity without revealing the identity of the original attacker. It could be used to conduct a large-scale attack that would render some or all of these devices nonfunctional.
So, what can you do to prevent the VPNFilter malware from infecting your devices?
The first thing is easy: power-cycle your router. Turn it off, count to 10 slowly, then turn it back on again. This will temporarily disrupt the malware.
Then upgrade your router or NAS device to the latest available versions of its firmware. If you have access to your router’s administrative interface (usually accessed through a web page called something like http://router), you should see a notice if there’s an upgrade to your router’s firmware. If your router is old or the manufacturer is no longer writing firmware upgrades, it would be a very good idea to replace your router with a newer one.
Talos recommends that once your firmware is upgraded, you reboot your router again to remove the VPNFilter malware in case your device downloaded it again before the firmware upgrade.
If you’re interested in the technical details of the VPNFilter malware, you can read about it on the Talos blog.
Meanwhile, that old tech support suggestion, “turn it off and then on again,” will go a long way toward slowing the spread of the VPNFilter malware.