FBI, DHS, and UK Authorities issue warning over VPNFilter
The FBI, DHS and UK authorities have issued a warning for the VPNFilter malware threat. According to Alert TA18-145A, there are concerns that actors will use VPNFilter to target routers and “collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic.”
Cisco researchers have indicated the following devices are known to be vulnerable:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
The warning instructs that you install any new firmware for your routers and, after updating, reset your router. Even if you don’t have one of the listed devices, its recommended you update and reset your router as well.
Also, as a good practice and to protect yourself from repeat infection, ensure your router administration credentials are not set to the factor default.
According to Cisco’s Talos, the VPNFilter malware is known to have already infected at least 500,000 network devices across 54 countries.
This clearly illustrates an important IT lesson: relying solely on your firewall for protection isn’t enough. Malware is becoming more sophisticated and actors are looking for any way into your environment.