If you haven’t heard of the VPNFilter router malware, you need to read this. VPNFilter is a giant-sized Internet of Things botnet that was revealed 2 weeks ago. And it just went from bad to worse. Originally thought to affect only 15 to 20 home / small business routers and NAS devices made by Linksys, MikroTik, Netgear, TP-Link, and QNAP, it has now been expanded to include at least another 56 from Asus, Cisco, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.
Cisco Talos gets that information by trying to determine which models VPNFilter has been detected on. Given the size of the job, it is rather difficult to complete, and a complete list is unlikely.
The updated alert from Talos confirms that VPNFilter can carry out man-in-the-middle interception of HTTP and HTTPS web traffic, which means that it is not only able to mirror traffic and capture names and passwords but can potentially deliver exploits to network devices as well.
Routers have become a big target, but it is relatively rare that malware is able to affect so many of them, especially simultaneously.
The major problem with VPNFilter is that there doesn’t seem to be a simple way to detect it. The safest assumption is that owners of any router from one of the affected vendors should take immediate precautions.
The chances of VPNFilter infecting a router are low given the number of infections detected by Talos versus the number of routers out there. However, it’s still a good idea to do the following things.
Unfortunately, simply rebooting your router is not enough. Elements of VPNFilter can reportedly survive this and reinstate the infection. That leaves owners with only one option: a hard reset, which takes the router back to its factory state. (This will wipe your device’s configuration. Make sure you back it up.)
If opting for the easier option (a reset while connected to the internet), the router will guide you through the process of setting up a new internet connection, before doing the following:
This is also a good time to change the router’s password and username. Plus, you should check the router to see whether any of the following interfaces are turned on when they don’t need to be:
If your router is getting long in the tooth or no longer receiving regular firmware updates, consider buying a new one after assessing which vendors have a good record of patching vulnerabilities within a reasonable timeframe.