There is a scary new malware threat that targets routers and network-attached storage devices. It’s so dangerous that the FBI has issued an urgent request to anyone who owns the affected devices to reboot them immediately.
Scarier still, it is suspected that this malicious attack originates from a Russian government-sponsored hacking group known as Sofancy aka Fancy Bear. This group is also being blamed for various cyberattacks including serious attempts to disrupt the 2016 U.S. elections.
This malware is such a critical threat since it’s capable of spying, data collection, reinfection, traffic redirection and it can even render your router unusable!
VPNFilter
Revealed last week by Cisco Talos security researchers, the dangerous malware is known as VPNFilter and it has already infiltrated half a million routers in dozens of countries, including the U.S. It’s suspected that the compromised routers will soon be used in a major botnet attack.
A botnet is a group of gadgets that hackers have quietly taken over to be used as minions in cyberattacks, typically that of the distributed-denial-of-service (DDoS) variety.
Note: DDoS is an attack where a targeted website is flooded by an overwhelming amount of requests from millions of connected machines (collectively known as a botnet) in order to bring it down.
And get this, VPNFilter even has remote self-destruct capabilities! Yep, it can delete itself and render infected routers inoperable in the process.
According to cybersecurity firm Symantec, VPNFilter works in multiple stages:
Stage 1 – This initial installation is used to gain a persistent foothold on your device, allowing it to survive even after a reboot. This stage is also used for maintaining contact with its command and control center for further instructions.
Stage 2 – The main payload. At this point, it can execute commands, collect files, intercept data, and configure your device. This is also the stage when its self-destructive features are installed. By taking over a section of your device’s firmware, the attackers can then delete the malware remotely and render your router unusable.
Stage 3 – Additional plugins or modules are installed, giving VPNFilter additional capabilities like traffic spying, website credential theft and secure communications through the Tor network.
Here’s a list of the targeted devices:
• Linksys E1200
• Linksys E2500
• Linksys WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200
• Netgear R6400
• Netgear R7000
• Netgear R8000
• Netgear WNR1000
• Netgear WNR2000
• QNAP TS251
• QNAP TS439 Pro
• Other QNAP NAS devices running QTS software
• TP-Link R600VPN
Check your Router to see if it is any of the above. If more router models become including, I will list them, also
This information comes from various sources.