FBI: Kindly Reboot Your Router Now, Please

Discussion in 'Headline News' started by RickAgresta, May 28, 2018.

  1. RickAgresta

    The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

    The growing menace — dubbed VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office space, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.

    Experts are still trying to learn all that VPNFilter is built to do, but for now they know it can do two things well: Steal Web site credentials; and issue a self-destruct command, effectively rendering infected devices inoperable for most consumers.

    Cisco researchers said they’re not yet sure how these 500,000 devices were infected with VPNFilter, but that most of the targeted devices have known public exploits or default credentials that make compromising them relatively straightforward.

    “All of this has contributed to the quiet growth of this threat since at least 2016,” the company wrote on its Talos Intelligence blog.

    The Justice Department said last week that VPNFilter is the handiwork of “APT28,” the security industry code name for a group of Russian state-sponsored hackers also known as “Fancy Bear” and the “Sofacy Group.” This is the same group accused of conducting election meddling attacks during the 2016 U.S. presidential race.

    “Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,” the FBI said in a warning posted to the Web site of the Internet Crime Complaint Center (IC3). “The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”

    According to Cisco, here’s a list of the known affected devices:
    LINKSYS DEVICES:

    E1200
    E2500
    WRVS4400N

    MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

    1016
    1036
    1072

    NETGEAR DEVICES:

    DGN2200
    R6400
    R7000
    R8000
    WNR1000
    WNR2000

    QNAP DEVICES:

    TS251
    TS439 Pro

    Other QNAP NAS devices running QTS software

    TP-LINK DEVICES:

    R600VPN

    Unfortunately, there is no easy way to tell if your device is infected. If you own one of these devices and it is connected to the Internet, you should reboot (or unplug, wait a few seconds, replug) the device now. This should wipe part of the infection, if there is one. But you’re not out of the woods yet.

    Cisco said part of the code used by VPNFilter can still persist until the affected device is reset to its factory-default settings. Most modems and DVRs will have a tiny, recessed button that can only be pressed with something small and pointy, such as a paper clip. Hold this button down for at least 10 seconds (some devices require longer) with the device powered on, and that should be enough to reset the device back to its factory-default settings. In some cases, you may need to hold the tiny button down and keep it down while you plug in the power cord, and then hold it for 30 seconds.

    https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
     
