VPNFilter router malware: Capabilities, risks, and reach
On May 25, the FBI asked US residents to reboot their routers to help disrupt a malware that infects routers. It turns out the malware, dubbed VPNFilter, is still alive. Further, security researchers have discovered that it has far more sophisticated capabilities than initially anticipated, and thus poses a much greater security threat to users. Here's all about it.
The FBI's announcement to the public
"The FBI recommends any owner of small office and home office routers to reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices...Network devices should be upgraded to the latest available versions of firmware," the FBI had announced.
The FBI asks all US residents to reboot their routers
On May 24, Cisco's Talos Intelligence Group said that over half a million routers and network devices across 54 countries had been affected by a Russian malware they were calling VPNFilter. Subsequently, the FBI made a public announcement asking all US residents (yes, ALL) to reboot their routers as soon as possible to help disrupt VPNFilter before its operators could reinforce it.
The malware belongs to a Russian hacking group
It is believed VPNFilter is being used by a Russian hacking group known as the Sofacy Group. The group goes by several other names too, like APT28 and Fancy Bear, and is known to have targeted government, military, and security organizations since at least 2007.
The capabilities of VPNFilter, as far as we know
VPNFilter is a sophisticated piece of malware indeed - it can steal login IDs and passwords, monitor industrial control systems, and even contains a kill switch for routers that can cut off internet access for all connected devices. Additionally, it contains a module called "ssler" that lets the attackers intercept internet traffic passing through the router and inject malicious code into it.
Know which routers are affected
According to Cisco's Talos Intelligence Group, the VPNFilter malware affects devices manufactured by ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE.
How you can protect yourself from VPNFilter
According to Symantec, VPNFilter, for now, seems to be mostly targeting routers in Ukraine. However, there's still a small chance of your router getting infected even if you're elsewhere. If your router's on the list and you think it's been infected, your best bet is to note down your login credentials, perform a hard reset (a factory reset, which wipes the device's configuration), and apply your router's latest firmware patch.