Is Your Router Secure? Malware Impacting Small Business and Home Routers

by Mike Ferris

A new malware impacting over 50 types of routers in small businesses and homes has the ability to listen to traffic, steal credentials, and damage devices.

This malware, referred to as VPNFilter, was first discovered in May of 2018, at which point the FBI asked consumers to reboot their home Wi-Fi routers in order to disrupt the malware attack. The FBI also obtained a court order allowing them to seize a domain that is part of the malware’s infrastructure. This means the FBI was able to take over control of the malware to prevent any further damage.

The FBI has recommended the following steps as a defensive measure:

- Turn your router off, then back on. This may temporarily disrupt the malware and potentially help identify already-infected devices.

- Consider disabling remote management settings on the device.

- Secure the device with a strong, unique, new password.

- Enable encryption.

- Upgrade firmware to the latest available version.

- Replace router completely with one not on the affected list.

Impacted routers include MikroTik, Linksys, TP-Link, Netgear, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. QNAP network-attached storage devices are also affected. The full list of devices impacted can be found here.

To check if your router has been affected, Symantec offers a free tool.

For customers with affected QNAP devices, QNAP has released a security bulletin that contains information on how to remove infections.

Whether or not your device has been affected, this is a great opportunity to start a maintenance schedule for network devices. It is always best practice to check for and apply firmware updates monthly, and to change router login credentials from their default settings.

For more information on securing your small business or home office, take a look at our Home Office Report or contact a WhiteHawk Consultant.