May 29th, 2018
What's the issue?
On Friday, the FBI issued an alert urging owners of small office and home office routers to reboot their devices. The FBI disclosed that "foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide." The hackers used malware called VPNFilter to infect the routers. Once a device is infected, the malware is possibly capable of collecting information, performing device exploitation, blocking network traffic and making the router inoperable. Cisco, a leading manufacturer of router and security products, estimated that at least 500,000 routers from numerous manufacturers in at least 54 countries, including Canada and the USA, had been infected by the malware. The FBI also stated that at least one manufacturer of NAS (network-attached storage) drives has been targeted by the same malware.
What should I do?
The FBI is asking owners of routers to reboot them to "disrupt the malware and aid the potential identification of the infected devices." An infection of this type will automatically reinfect the device when it comes back up. In this case, however, the FBI now controls the threat's command-and-control (C&C) infrastructure by court order, so the FBI will identify any attempt by the malware to reinfect a router by the IP address of the device. The FBI will then provide the IP addresses of infected devices to The Shadowserver Foundation, the non-profit, volunteer-based organization of cyber security professionals, which will disseminate the IP addresses to those who can assist with remediating the VPNFilter botnet, including foreign CERTs (Computer Emergency Response Teams) and ISPs (Internet Service Providers). The alternative is to follow the device's instructions to do a full factory reset, or to replace the device and destroy the current one; both will require a complete re-setup of your router. To better protect your network devices, you should also disable the remote management setting on the devices and secure them with stronger passwords and encryption. As well, be sure your network devices are running the latest firmware available.
To view the FBI bulletin, see:
FBI Public Service Announcement - Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
For more information:
The New York Times - F.B.I.'s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
The United States Department of Justice - Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices