500K Routers Worldwide Pwned By VPNFilter Malware
Cisco’s Talos Intelligence Group is sounding the alarm about a new type of malware called VPNFilter. The malware contains a killswitch for routers, can steal logins and passwords, and can monitor industrial control systems. An attack would have the potential to cut off internet access for all the devices connected to the router. Ukraine seems to be particularly hard hit, which, combined with what has been discovered about the malware, implies that this is Russian in origin.
Routers from Linksys, MikroTik, Netgear and TP-Link are affected. Netgear has advised users everywhere to upgrade the firmware on their routers. Nobody else seems to have any specific advice for users of their products. Which is of course bad.
In terms of protecting yourself, here’s the best advice from Cisco’s Talos Intelligence Group:
- Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
And that’s pretty much all the average end user can do. Hopefully more robust advice comes in the days ahead as this is far from trivial.
June 7, 2018 at 10:14 am
[…] VPNFilter malware that infected over 500,000 routers and NAS devices across a number of countries is much worse than previously thought. According to new research by […]
July 2, 2018 at 9:54 am
[…] might remember that a few weeks ago, a very dangerous router malware named VPNFilter was discovered, and it caused massive levels of concern as it installed itself on routers and was […]
April 3, 2022 at 8:51 am
[…] is something that I’ve written about a few times over the last few months. This implies that Russia is behind this attack. Which according to […]