To protect users from a new malware called VPNFilter that is affecting hundreds of thousands of home and office routers, the FBI has issued an urgent recommendation that all users turn their routers off and then back on.
According to the Federal Bureau of Investigation (FBI), the malware can collect information that passes through routers, exploit the devices, and block network traffic.
Cisco Talos, the threat intelligence division of Cisco, found that VPNFilter has already infected around 500,000 small office and home office routers in 54 countries. The malware has been spread by the Sofacy Group (also known as Fancy Bear and APT 28), which is believed to be backed by the Russian military intelligence agency.
Small office/home office (SOHO) routers, network devices, and network-attached storage (NAS) devices are vulnerable to the attack.
Routers from several manufacturers, including MikroTik, Netgear, Linksys, and TP-Link, were found to be compromised by the malware.
Researchers at Talos further added, “The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols.
Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”
The FBI advised all users of small office and home routers to reboot their devices to temporarily disrupt the malware, if present. The bureau also recommended upgrading the device firmware, setting a new secure password, and disabling remote-management settings, if any.