Should I Unplug my Router?

Category: Blog, Security  |  Thursday, May 31st, 2018

At our cyber security breakfast with FBI Agent Todd Munoz, one of the big questions that came up was how to protect against “Fancy Bear”, the hacker group that has been using a malware program called “VPNFilter” to compromise home and small office routers made by Linksys, MikroTik, Netgear and TP-Link, as well as QNAP network-attached storage devices.

The FBI recently disrupted this botnet, which had compromised roughly half a million routers and storage devices.

FYI: Fancy Bear is the Russian hacker group presumed, according to reports, to have penetrated the Democratic National Committee and the Hillary Clinton campaign during the 2016 elections.

VPNFilter is “particularly concerning” because components of the malware can be used to steal website credentials and to target industrial control protocols, such as those used in manufacturing and utility settings, Cisco Talos threat researcher William Largent wrote in a recent post.

“The malware has a destructive capability that can render an infected device unusable,” he said, “which can be triggered on individual victim machines or en masse, and has the potential of cutting off Internet access for hundreds of thousands of victims worldwide.”

On Tuesday the FBI obtained a court order from a federal magistrate judge in Pittsburgh to seize control of the Internet domain used by the Russian hackers to manage the malware.

The bureau, which has been investigating the malware since August, discovered a key weakness in the software.

If a router is rebooted, the malware’s persistent first stage remains on the device, but the add-on modules that do the actual damage live only in memory and are wiped.

After a reboot, that first stage is designed to reach out over the Internet to the domain that hosts the modules and download them again. By seizing control of that domain, the FBI cut off the reload and neutralized the malicious software.

The FBI has been collecting IP addresses of infected routers so it can clean up the infections globally, according to The Daily Beast.
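That reach-back is also something a defender can look for: a device that has just been rebooted and is now trying to resolve the staging domain is telling you it is infected. The script below is an added example written for this post, not FBI or Cisco Talos tooling. It scans dnsmasq-style query log lines from an upstream resolver or firewall for any client that asks for a watchlisted domain or one of its subdomains. The post does not name the actual VPNFilter domain, so the watchlist entry `c2.example.invalid` and the sample log lines are constructed placeholders; substitute the indicators your vendor or CERT publishes.

```python
"""Flag LAN hosts whose DNS queries hit a watchlist of known staging/C2 domains.

Added example for this post. The dnsmasq-style log format and the watchlist
entry are constructed for illustration, not taken from the FBI or Cisco Talos.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Hypothetical watchlist. The real VPNFilter staging domain is not named in
# this post; this placeholder stands in for whatever indicator you are given.
WATCHLIST: Set[str] = {"c2.example.invalid"}

# Constructed sample: dnsmasq query log as seen on an upstream resolver/firewall.
# 192.168.1.1 plays the role of the LAN router phoning home after a reboot.
SAMPLE_LOG = """\
May 31 08:01:12 gw dnsmasq[512]: query[A] www.example.com from 192.168.1.20
May 31 08:01:15 gw dnsmasq[512]: query[A] update.c2.example.invalid from 192.168.1.1
May 31 08:01:16 gw dnsmasq[512]: query[AAAA] c2.example.invalid from 192.168.1.1
May 31 08:02:40 gw dnsmasq[512]: query[A] mail.example.org from 192.168.1.31
May 31 08:05:03 gw dnsmasq[512]: query[A] C2.Example.Invalid. from 192.168.1.77
May 31 08:06:10 gw dnsmasq[512]: query[A] notc2.example.invalid from 192.168.1.50
"""

# dnsmasq logs queries as "query[TYPE] name from client".
QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'C2.Example.Invalid.' still matches."""
    return name.lower().rstrip(".")


def matches_watchlist(name: str, watchlist: Set[str] = WATCHLIST) -> Optional[str]:
    """Return the watchlist entry that name equals or is a subdomain of, else None.

    Requires a dot boundary, so 'notc2.example.invalid' does not match
    'c2.example.invalid'.
    """
    n = normalize(name)
    for bad in watchlist:
        bad = normalize(bad)
        if n == bad or n.endswith("." + bad):
            return bad
    return None


def find_callbacks(log_text: str, watchlist: Set[str] = WATCHLIST) -> Dict[str, List[str]]:
    """Map each querying client to the watchlisted names it asked for, in log order."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (replies, cache stats, etc.)
        if matches_watchlist(m["name"], watchlist):
            hits[m["client"]].append(normalize(m["name"]))
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_callbacks(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

Run this against logs from a resolver or firewall upstream of the router, not the router's own logs: a compromised router cannot be trusted to report on itself. In the constructed sample the interesting hit is 192.168.1.1, the router's LAN address, asking for the staging domain right after the reboot.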

What You Can Do

  • Reboot the router. This disrupts VPNFilter by discarding the modules that do the damage, but the persistent first stage survives a plain reboot, so a reboot alone is not a cure.
  • Apply any patch or firmware update the device manufacturer provides. Cisco Talos also recommends a factory reset before reinstalling current firmware, since that removes the persistent first stage a reboot leaves behind.
  • Enable automatic firmware updates; most new routers support this.
  • Make sure the router’s firmware is up to date and that the router has not been orphaned by its manufacturer.
  • If the router is end of life, consider replacing it, because any security problems discovered after a manufacturer ends support for a product will not be corrected.

If you need assistance with your router security or have any questions regarding your business managed security services, give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

If you are an EnhancedTECH customer, rest easy, we’ve got your back.
