WASHINGTON 鈥 Malware linked to Russian hackers has infected at least a half-million small office and home office internet routers in several countries, and federal officials are warning Americans to take steps and prevent infection.
The warning centers on malware known as VPNFilter, which the FBI said can collect or delete sensitive information and render a device inoperable. According to Cisco Systems, the malware has been 鈥渁ctively infecting Ukrainian hosts at an alarming rate.鈥
In addition to routers, the malware also targets network-access storage devices.
鈥淏oth the scale and the capability of this operation are concerning,鈥 said a post on Cisco鈥檚 Talos security blog.
聽to a hacker group known as 鈥淪ofacy Group,鈥 also known as 鈥Fancy Bear.鈥
Several 鈥渢rusted鈥 ISPs have been notified, the Justice Department said, but both users and administrators are advised to reboot (or ) their devices as soon as possible. This temporarily disrupts the malware. The devices should then be secured with passwords and encryption. Network devices鈥 firmware should also be upgraded.
Data Doctors’ Ken Colburn said the router brands known to be vulnerable include Linksys, Netgear, QNAP, MicroTik and TP-Link. “But my advice is that everyone with a consumer router should assume that it may be vulnerable and update it anyway,” he said. “The older your router is, the more likely that it鈥檚 vulnerable.”
How did your router get infected?
“The most likely methods of infection are possible because most consumer routers are still using the default admin username and password and haven鈥檛 patched known security exploits after they were initially set up,” he said.
As for how you can protect your devices, Colburn outlined the following steps:
The steps to protect your router from this and many other router specific security threats is pretty straightforward.
Before you perform any of these steps, read them all so you don鈥檛 get stuck in the middle of the process without something you鈥檒l need. It鈥檚 also critical that you document any of the settings that you鈥檙e currently using such as level of encryption, SSID and passwords so you can re-enter them when the reset and update are complete.
If you don鈥檛 use the exact same SSID and password when you鈥檙e done, you鈥檒l have to reset each device that connects to your Wi-Fi network with the new credentials, which can be a bit of a hassle if you have lots of home automation or IOT devices in your home.
You鈥檒l also need to make sure you have an Ethernet cable to connect your computer directly to your router before you get started.
The first step is to find out the exact model of router you own (usually stamped on the bottom or side) and download the most current firmware from the manufacturer鈥檚 support website (If you have a newer router that has the automatic update feature built-in, you can skip this step).
Since there鈥檚 no simple way to know if your device is infected, performing a hard reset, which wipes out the malware and all your settings is the next step.
Once your router has restarted and your connected computer is able access it, carefully follow the installation instructions for updating the firmware.
Finally, make sure you change the default username and password for the administrative interface to something only you will know and re-enter all the connection settings you documented prior to resetting.
Get more details about the malware and how you can protect your devices on Cisco’s .
