FBI Urges Businesses & Consumers to Reboot Routers

  /     /     /  
Publicated : 22/11/2024   Category : security


FBI Urges Businesses & Consumers to Reboot Routers


After the discovery of botnet malware called VPNFilter last week, the FBI is urging small businesses and consumers to reboot their routers to stop these devices from being used in an attack.



The FBI is urging small businesses, as well as consumers, to reboot and restart their routers, following a disclosure last week of a particularly sophisticated piece of botnet malware.
The malware, dubbed VPNFilter, was discovered by the Secret Service of Ukraine and dissected by researchers at Cisco Talos and Symantec. The FBI later gained control of some of the servers used in the attack. These domains are the ones that allowed the malware to regenerate itself.
Overall, Talos and Symantec believe that VPNFilter infected some 500,000 routers and Network Attached Storage (NAS) devices mostly used by small businesses and home users. (See
FBI Knocks Out VPNFilter Malware That Infected 500K Routers
.)
In its warning
, the FBI, along with the US Justice Department, offered a few additional details about VPNFilter, including the agencys belief that the Sofacy cyber espionage group was behind the development and spread of the malware.
(Source:
Flickr
)
Sofacy is also known as Fancy Bear or APT28, which many security experts believe is backed by the Russian government, and is involved in a series of cyber espionage incidents throughout the world. (See
Fancy Bear Linked to DealersChoice Attacks in Europe
.)
What made VPNFilter particularly complex is that the malware was developed as a three-stage attack. The first stage reloads the malware after a reboot, which would normally erase the infection. The second stage contains the main payload and Stage 3 consists of plugins that work with the second-stage payload.
Now entering its fifth year, the
2020 Vision Executive Summit
is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.
When the FBI seized the domains last week, agents took control of the servers that were part of Stage 1, meaning that the malware could not regenerate itself.
Still, the FBI is urging those businesses and home users to reboot their devices.

Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second stage malware and causing the first stage malware on their device to call out for instructions. Although devices will remain vulnerable to re-infection from the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.

Last week, Symantec released a list of possibly infected devices:
Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
Related posts:
Satori Botnet Plays Hidden Role in Cryptomining Scheme, Researchers Find
Researchers Detail Self-Learning System That Secures IoT Devices
At-Risk Routers & Russian Hacking Plans Stir Talk at RSA
Misconfigured Routers Could Be Used for Botnets, Espionage
— Scott Ferguson is the managing editor of Light Reading and the editor of
Security Now
. Follow him on Twitter
@sferguson_LR
.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FBI Urges Businesses & Consumers to Reboot Routers