TechViews News
By now most people have heard that a group of Russian hackers has been able to infect over 500,000 routers worldwide. What started out as an attack in Ukraine has spread globally.
The Justice Department last week urged everyone with a small office/home office (SOHO) or NAS device to reboot their gadgets immediately in order to thwart what is being called “VPNFilter,” a new strain of malware that can brick your router.
As of Wednesday, the malware had affected not only routers, but also devices connected to them, according to Cisco’s data-security group, Talos. And it had been detected in 54 countries.
“The average American could be compromised, giving attackers access to personal data and control over the device,” says Cisco Talos director Craig Williams. “This is why it is crucial that consumers install security updates regularly.”
Routers have long been a favorite target for hackers. In Symantec’s latest annual Internet Security Threat Report, routers were the most frequently exploited type of device in IoT, or Internet of Things, attacks.
The devices are particularly important for consumers’ security because they transmit all the data that flows in and out of the home, from emails to credit card information. VPNFilter could allow attackers to monitor data traffic, quietly use a network of routers for illegal activity, or stop either individual routers or masses of them from working at all, according to Williams.
Williams says his company has identified more than a dozen products that are vulnerable to the malware. The products listed are made by Linksys, MikroTik, Netgear, QNAP, and TP-Link.
However, the post says, “Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.”
How do you know whether the malware has infected your particular router? According to both Williams and other security experts, there’s no way to be sure.
“This is the scary part of router malware,” says Craig Young, principal security researcher at Tripwire VERT, a security research firm. “A sophisticated attacker can create malware that would be completely undetectable by even tech-savvy end users. It is simply not possible for someone without specialized tools to confirm whether any particular router is infected or clean.”
If you have one of the vulnerable devices (listed below), you should assume it has been infected, these experts say. To fix the problem, do a hard reset of the router and update the firmware.
How Did the VPNFilter Malware Attack Happen?
Without getting into too much technical detail (there’s a full breakdown on the Talos blog if you want that), the malware works in two stages. It’s still unknown how the infection first takes hold, but older routers with well-known public vulnerabilities are the ones affected.
The first stage is designed to gain a persistent foothold on the router and enable stage two.
Once the foothold has been established in stage one, the second stage collects your files and monitors the traffic passing through the router, removing data and controlling the device.
What is of particular concern is that the stage one malware can remain on the router even after a full reboot. This sort of resilience is unprecedented for an Internet-of-Things malware attack.
How to Guard Against the VPNFilter Malware
Firstly, use a good anti-malware program to protect all of your devices, not just your computer. That’s because if your router becomes infected, then when the malware hits your actual computer, your anti-virus — if properly updated — should catch it on a deep scan.
Second, be mindful of the sites you visit – if they’re not HTTPS sites (you’ll spot this in the URL next to a small green padlock) steer clear.
However, if the malware infects your router, any computer, laptop, tablet or smartphone is vulnerable if it is connected to the router. This occurs whether the connection is hard-wired or Wi-Fi.
What to Do
If you have already been targeted by the VPNFilter attack, the best thing to do is get a new router. Due to the resilience of the stage one malware mentioned earlier, there’s not a lot you can do to remove it.
Getting a new router is fairly easy – most ISPs should be willing to offer you a new, more secure one, given the circumstances.
Alternatively, you could purchase your own third-party router.
These can often be more secure and offer faster network speeds than ISP routers – make sure you get one with a built-in modem if you’re not the most tech-confident user.
But if you choose the dangerous course and keep your current router (especially if it’s on the list), experts say, you should start by doing a hard reset, which will revert the device to the way it was when it came from the factory. Note that doing this wipes out any changes you made to your router settings.
Many routers have a button you can press for several seconds to perform the reset. You may need a paper clip to do this—router makers intentionally make it a bit tricky to avoid accidental resets. If there’s no button, you may need to log into the router settings, which will also allow you to update the software that controls your router, also called firmware.
For most routers, you’ll need to open a web browser and type in the device’s IP address. Very often, the address is 192.168.0.1 or 192.168.1.1, but this varies by brand—as do the instructions for downloading and installing your firmware update. So do an online search for the customer support pages for your router model.
Once you perform the update, don’t log out.
Continue to update your anti-virus and run a deep scan. This takes time, but it’s your best defense to act before a wave of new infections occurs.
Below is a list of routers Symantec identified as vulnerable to VPNFilter:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Be Safe – Back Up Your Data Regularly!