FBI Issues Immediate Warning For Everyone To Reboot Internet Routers

There’s malware out there that is so severe, the FBI is warning everyone, at home and at the office, to reboot their internet routers in hopes of flushing some of it out. The Bureau released a statement that, VPNFilter “is able to render small office and home routers inoperable. The malware also collects information passing through the router.”

What does that mean?  It means that if this is on your router, it may be able to spy on your internet browsing activities or even shut down your device completely. It’s still unclear what VPNFilter is fully capable of doing and there is no firm evidence who is behind it, but Cisco’s security team, Talos, said that 500,000 plus devices have been hit all around the world. “We assess with high confidence that this malware is used to create an expansive, hard-to-attribute infrastructure that can be used to serve multiple operational needs of the threat actor,” Cisco researcher William Largent wrote. “Since the affected devices are legitimately owned by businesses or individuals, malicious activity conducted from infected devices could be mistakenly attributed to those who were actually victims of the actor. The capabilities built into the various stages and plugins of the malware are extremely versatile and would enable the actor to take advantage of devices in multiple ways.”

A particular target of this is Ukraine, which was also hit last summer by crippling malware attributed to the same group as this one, FancyBear (akaAPT28SandwormPawn StormSofacySednit, Tsar Team, and x-agent). According to both Cisco and Symantec, many brands of routers may be infected with this including Linksys, Microtik, Netgear, QNAP, and TP-link.

Last week, the FBI seized the domain that was controlling VPNFilter and at least was able to partially block the attackers. Now they are issuing the advisory for everyone to power cycle their routers.

Once those are rebooted, make sure that they are updated with the latest security patches and that the default passwords are changed to something strong and difficult to guess or to figure out using brute force attacks. This means don’t make your password “football,” “password,” or “12345678,” or any variations of those. Be sure they are at least eight characters, are not dictionary words, names, or dates that are connected to you. Use upper and lower case letters, special characters, and numbers.

There is still a lot to be determined about VPNfilter, but the FBI believes the Kremlin is backing FancyBear and therefore may be behind this malware. So far, it’s believed that it turns the infected routers into a massive botnet that may be intended for a major cyberattack against power grids.

Some of the devices already identified as threatened are:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRS4400N
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • TP-Link R600VPN

If you have any of these, make updating them a priority. And because it’s likely others will be identified later, be on the safe side and make sure any device you have is updated and the default password is changed.

© Copyright 2018 Stickley on Security Inc.