FBI RUSSIA WARNING: Russian-Linked Malware Threatens Home Routers
The Federal Bureau of Investigation says that over a half a million home routers have already been affected by what they are calling “Russian-linked malware.” They also claim that Russia intends to target even more devices over the next few weeks.
To solve the problem, the FBI wants you to reboot your router. According to NBCNews, as millions of Americans unplugged for the Memorial Day Weekend, the FBI issued an urgent bulletin (see below) for anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to temporarily thwart the spread of foreign malware linked to Russia.
The title of the public service announcement was: FOREIGN CYBER ACTORS TARGET HOME AND OFFICE ROUTERS AND NETWORKED DEVICES WORLDWIDE. The threat, according to the FBI, is VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.
“More than half a million routers have been identified already as being compromised, so I think there are a significant number of devices that have been affected and it is difficult to estimate how many devices could be affected in the coming days or week,” Shuman Ghosemajumder, chief technology officer at Shape Security told NBC News.
Although Russia is not specifically mentioned in the FBI’s public service alert, Ghosemajumder mentioned that the 500.000 devices compromised come from an analysis performed by Talos, the security arm of Cisco. The company also found the attack present in at least 54 countries. Authorities and security researchers have both said there are many unknown questions when it comes to VPNFilter, including the intentions of the Russia-linked group believed to be perpetrating the attack.
Devices manufactured by Linksys, MikroTik, Netgear and TP-Link were among those found to have been affected, according to the Talos report. While the initial point of infection is unknown for VPNFilter, it has been quietly spreading since at least 2016, according to researchers.
Many of the infected devices have known public exploits and use default credentials, meaning that if someone were to set up their home router out of the box and they never changed the password or updated the firmware, they could be at a higher risk. –NBCNews
“If you have an older router, the odds are greater it may have shipped with a standard password which is the same across all types of the device. Change the router password, make sure the firmware is updated and in some cases, even replace the router,” Ghosemajumder said. But there’s no way to know if your device has been affected.
“If this is addressed broadly, it will cause the malware campaign to lose a lot of its access and reduce the broader risk on a macro level,” said Guy Caspi, the CEO and founder of security company Deep Instinct. There could be broader implications as well, assuming this malware could potentially be used for much largest attacks.
Here is the FBI bulletin in it’s entirety:
FOREIGN CYBER ACTORS TARGET HOME AND OFFICE ROUTERS AND NETWORKED DEVICES WORLDWIDE
The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.
The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.
VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.
The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.
This is some serious stuff here so REBOOT!
TOGETHER WE WILL MAKE AMERICA GREAT AGAIN!