First, the news.
(RNN) – Russia’s hackers are busy folks.
The FBI and Cisco warned us this week that they’ve infiltrated 500,000 routers in more than 50 countries across the globe by using a malware system known as VPNFilter.
The compromised routers could be used for lots of things, but the experts believe the malicious software used to hack them is part of a plan for a huge cyber attack on Ukraine.
To torpedo the Russian plot, the FBI got court approval to seize a domain the hacking group was using to coordinate the operation.
The computer code used in the malware program shares code with previous Russian cyber attacks.
“Defending against this threat is extremely difficult due to the nature of the affected devices,” according to Cisco’s cyber intelligence unit, Talos.
“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”
And most of these routers are older devices that don’t have up-to-date software.
And now from the FBI Internet Crime Complaint Center:
May 25, 2018
Questions regarding this PSA should be directed to your local FBI Field Office.
Local Field Office Locations: www.fbi.gov/contact-us/field
FOREIGN CYBER ACTORS TARGET HOME AND OFFICE ROUTERS AND NETWORKED DEVICES WORLDWIDE
The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.
The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.
VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.
The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.
There will be a lot more on this. There are some lists of routers out there. Some of them may have been installed by your Internet Service Provider. The Boston Globe reports that the FBI is urging Internet service providers Comcast Corp. and Verizon Communications Inc. and others to check whether their hardware is vulnerable, and to work with customers on updating their routers.
This post will be updated continually until this becomes less of an issue.