You might have seen reports that the FBI is warning home users of a new foreign cyber-attack campaign targeted at your routers and network-attached storage (NAS) devices. Here’s a breakdown of exactly what has happened, and what you need to do to keep your home IT systems safe and secure.
What is VPNFilter?
This is the name of the new malware threat facing home users globally. At least 500,000 small and home office (SOHO) routers and network-attached storage (NAS) devices have been infected by the malware. The Justice Department has blamed it on a Russian cybercrime group known as APT28 or “Fancy Bear” with links to the Kremlin.
It’s unknown exactly why the malware is being spread, but it has several capabilities. VPNFilter could:
Have I been hit?
Unfortunately, it’s difficult to tell if your device has been affected as the malware is designed to operate covertly in several stages. The devices named as vulnerable to this campaign include, but may not be limited to:
How do I stay safe?
It’s not known exactly how the hackers managed to infect the 500,000 devices hit so far, but the models listed above contain publicly known software vulnerabilities and/or feature default passwords, which make them easy to attack.
The best course of action is therefore to at least follow the FBI’s advice and reboot your router. Better yet, follow Cisco’s advice and reset it. In more detail:
Trend Micro will be monitoring this ongoing threat, so stay tuned for more insight and updates on how to stay safe. For current technical info on the threat, read Reboot Your Routers on Trend Micro Security News or this article from Ars Technica.
For additional information, please read the latest from Cisco Talos: A Growing Threat: VPNFilter Malware – Cisco Talos – June 6 Update