Cisco Talos recently publicized the discovery of a malware infection dubbed VPNFilter. VPNFilter targets home and small office routers as well as NAS devices. So far, more than 500,000 devices in total have been compromised. Over the course of a few months, Talos worked cooperatively with multiple threat intelligence partners from the private sector and the public sector.
“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices.”
What VPNFilter Does
The primary capability of VPNFilter allows the theft of website credentials and other sensitive data moving through the device. As you browse the internet, the malware captures data as it passes through. VPNFilter also has the ability to render the infected device completely inoperable. Devices can be targeted individually or as part of a larger group.
Wait… There’s More
On Wednesday, June 6, Cisco Talos provided an update to their initial release showing that VPNFilter affected more brands than they initially thought. The initial manufacturers, listed above, were Linksys, MikroTik, NETGEAR and TP-Link. ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE were added to the list, as well as more devices by the original manufacturers. The full list of affected devices can be found in the update from Cisco Talos.
VPNFilter is also capable of more than first discovered. Infected devices can inject malicious content into web traffic as it passes through. Your computer or phone could potentially be exploited with this capability just because you were browsing the internet over Wi-Fi on an infected router.
How to Protect Your Devices from VPNFilter
Here are the recommended procedures for ensuring you avoid becoming a victim. Reset your router or device to factory defaults and reboot the device completely. This should remove the malware by installing the original factory software. If your device is a known affected device or suspected device, also check for the most recent firmware from the manufacturer. If an update is available, apply it immediately. This should remove all traces of infection.
Resetting your router means that it will have to be reconfigured for your network. Pit Crew IT Services can help with any and all of these procedures. If you’re a client of ours, take comfort in the fact that we’re aware of VPNFilter and are making sure that none of your devices are at risk. If you’re not a client, let us know if we can help.