500K Routers Worldwide Pwned By VPNFilter Malware

Cisco’s Talos Intelligence Group is sounding the alarm about a new type of malware called VPNFilter. The malware contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems. And an attack would have the potential to cut off internet access for all the devices connected to the router. Ukraine seems to be particularly hard hit, which combined with what has been discovered about the malware, implies that this is Russian in origin.

Routers from Linksys, MikroTik, Netgear and TP-Link are affected. Netgear has suggested to users everywhere to upgrade the firmware on their routers. Nobody else seems to have any specific advice for users of their products. Which is of course bad.

In terms of protecting yourself, here’s the best that from Cisco’s Talos Intelligence group:

  • Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

And that’s pretty much all the average end user can do. Hopefully more robust advice comes in the days ahead as this is far from trivial.

2 Responses to “500K Routers Worldwide Pwned By VPNFilter Malware”

  1. […] VPNFilter malware that infected over 500,000 routers and NAS devices across a number of countries is much worse than previously thought. According to new research by […]

  2. […] might remember that a few weeks ago, a very dangerous router malware named VPNFilter was discovered, and it caused massive levels of concern as it installed itself on routers and was […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: