500k devices compromised FBI warned

Defending against this threat is extremely difficult due to the nature of the affected devices. The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers. This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch. Additionally, most have no built-in anti-malware capabilities. These three facts together make this threat extremely hard to counter, resulting in extremely limited opportunities to interdict malware, remove vulnerabilities, or block threats. With this the router users to rebot now to kill infected malware, the FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices. VPNFilter is a multi-stage, modular strain of malware that has a wide range of capabilities for both cyber espionage and sabotage purpose.

The CISCO’s talos security report says, both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. The behaviour of the attacks on others, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols and could permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. It has also the potential of cutting off internet access for hundreds of thousands of victims worldwide.

The survey has also reveled, VPNFilter was developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. Many infected devices have been discovered in Ukraine and their number in the country continues to increase. VPNFilter is an expansive, robust, highly capable, and dangerous threat that targets devices that are challenging to defend. Its highly modular framework allows for rapid changes to the actor’s operational infrastructure, serving their goals of misattribution, intelligence collection, and finding a platform to conduct attacks,” Talos said.

Tags: 500k devices compromised FBI warned, VPNFilter, FBI, CISCO, Linksys, MikroTik, NETGEAR , TP Link, VPNFilter malware, SOHO, nas, QNAP, Sofacy, Fancy Bear, APT 28, Pawn Storm, varindia