Another cyber attack has hit the Internet, and this time the targets are not computers but network routers. Russian hackers “Fancy Bear” are believed to be behind this attack, which would make it the second big hack they are affiliated with after the alleged interference in the 2016 US elections. Approximately 500,000 wireless routers have been infected with the malware, called “VPNFilter,” according to cyber security companies Symantec and Talos.
The malware can do two different things with an infected router. First, it can monitor all Internet traffic passing through the router and extract information from those connections. Second, it gives the hackers access to the router and the ability to switch it off. Theoretically, the hackers could then switch off all 500,000 routers at once in a planned mass cyber-attack. Because the potential for massive disruptions is so high, both investigating companies decided to release their findings at this time, even though their investigations into the attack are still ongoing. As a result of the attention, the FBI has stepped in and seized both a domain and a server that were associated with the attack. At this time, the seized server is still receiving data and the FBI is viewing IP addresses only so that it can continue its investigation.
The malware is designed to first infect the router. Exactly how this is done is still being determined, but the hackers seem to have targeted “older routers with well-known public vulnerabilities” from vendors including Linksys, MikroTik, NETGEAR, QNAP, and TP-Link. Stage two of the attack involves monitoring and data collection. What makes the infection particularly problematic is that an infected router could normally be cleaned up by doing a full reboot. This is not the case with VPNFilter.
It is important not only to keep your computers and servers updated with the latest patches and security software, but also to make sure other hardware, such as routers, is up to date.
If your router is infected with VPNFilter, there is currently only one sure way of getting rid of it: Toss the router. As stated earlier, rebooting the router is not a guaranteed way of removing the infection. If you are using an ISP-provided router, your ISP may provide a new one.