Reboot your router now to protect it from malware

Do you have a router at home? Most of us do.

The FBI has issued an alert of "foreign cyber actors" using VPNFilter malware to target small office and home office routers, and recommends that router owners reboot their devices now. A reboot will not only temporarily disrupt the malware, it will also assist the FBI in possible identification of infected devices.

The FBI further recommends that router owners consider: disabling remote management settings on devices, securing them with strong passwords and encryption when enabled, and upgrading network devices to the latest available versions of firmware.

Following are the full details from their release "Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide."

Summary

The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.

Technical Details

The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.

Threat

VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.

Defense

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

Source: https://www.ic3.gov/media/2018/180525.aspx

Justice Department Release:
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected

Technical Overview from Cisco's Talos Intelligence:
https://blog.talosintelligence.com/2018/05/VPNFilter.html

Written by sobodda@brown.edu on