Thursday, June 7, 2018

FBI urges internet users to reboot their routers to stop Russia-linked malware

This news first broke a couple of weeks ago and has been reported by major publications and news networks, but the threat is continuing and evolving. I was contacted yesterday by an alert client who wanted to know if it was legit. It is, and upon further research, I thought I should contact my base and alert anyone who may not have heard about this. Many of you have affected routers.





The Russians are at it again. The same group that hacked the Democratic National Committee ahead of the last Presidential election in 2016, "Sofacy Group," has released malware that is capable of disabling an internet router. The malware is called VPNFilter, and it has already affected hundreds of thousands of routers in other countries. In addition to causing your router to become inoperable, it can collect data and therefore has the capability of stealing logins and passwords.

According to the news release, there is no easy way to know if your router has been compromised. CNET reports that some models from Linksys, Netgear, TP-Link, QNAP, and MikroTik are affected.

According to CNET:

"The U.S. government says it has seized a critical web domain, called toknowall.com, which the Russian hackers were using to disseminate the malware.
So, now, when you reboot your router, it throws a kink in their system, essentially destroying the part of the malware that allows hackers to spy on your activities. The install package, on the other hand, will be left intact. After a reboot, when that package attempts to download the other nasty parts of the malware, the FBI will be able to trace it."
The article states that the easiest way to restart is by pressing and holding the reset button on the back of the router; however, I would advise caution doing this, since performing this on some models can cause a factory reset. I would disconnect and then reconnect the power to the router myself to reset, but it would be best to consult your router's manual.

However, then there is this from the article:

"But some security experts advise that a factory-reset is the only sure-fire way to purge VPNFilter from a router. Once that's done, you'll have to reconfigure all your network settings. Check your model's instruction manual for help with both steps."


https://www.cnet.com/news/the-fbi-wants-you-to-reboot-your-router-now-to-help-destroy-a-botnet/

https://www.cbsnews.com/news/fbi-urges-internet-users-to-reboot-home-routers/


More from BGR.com:

The attacks appear to be incredibly targeted, as the hackers are looking for specific things. “They’re looking for very specific things,” Williams said. “They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords. We don’t have a lot of intel on that other than it seems incredibly targeted and incredibly sophisticated. We’re still trying to figure out who they were using that on.”

But wait, there’s more. The malware can also download a self-destroy module that wipes the device clean and reboots the device.

Getting rid of VPNFilter isn’t an easy task. The malware is constructed in such a way that a Stage 1 attack acts as a backdoor on devices that can be infected, and is used to download additional payloads, Stages 2 and 3, which bring over the more sophisticated features, including man-in-the-middle-attacks and self-destruction.


All router owners should assume from the start that their device has been infected, and perform a factory reset, Ars says, followed by a software update that could remove the device’s vulnerabilities to Stage 1 infection. Changing default passwords is also advised, as is disabling remote administration. Rebooting the device like the FBI asked might not be enough, however.

http://bgr.com/2018/06/07/vpnfilter-malware-security-threat-fix/
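
The quotes above say that a reboot leaves the install package in place and that it then tries to download the rest of the malware. The script below is an added example, not from CNET, BGR or the FBI: it scans DNS query logs for lookups of the seized domain toknowall.com, since a device still asking for that name after a reboot is one that needs the factory reset and update. It assumes a resolver that sees the router's own queries and writes dnsmasq-style query lines; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Domain named in the CNET quote above as seized by the U.S. government.
WATCHED_DOMAINS = {"toknowall.com"}

# Assumed log format: dnsmasq with query logging enabled.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain or any subdomain of it, not look-alikes."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watched)

def find_lookups(lines, watched=WATCHED_DOMAINS):
    """Map each client address to the (timestamp, name) lookups it made."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m and is_watched(m["name"], watched):
            hits[m["client"]].append((m["ts"], m["name"]))
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Jun  7 09:58:11 dnsmasq[512]: query[A] www.cnet.com from 192.168.1.23
Jun  7 10:02:40 dnsmasq[512]: query[A] toknowall.com from 192.168.1.1
Jun  7 10:02:41 dnsmasq[512]: reply toknowall.com is 203.0.113.7
Jun  7 10:05:03 dnsmasq[512]: query[A] nottoknowall.com from 192.168.1.23
Jun  7 10:07:19 dnsmasq[512]: query[A] toknowall.com.example.org from 192.168.1.23
Jun  7 10:31:55 dnsmasq[512]: query[AAAA] ToKnowAll.com. from 192.168.1.1
""".splitlines()

if __name__ == "__main__":
    for client, lookups in find_lookups(SAMPLE_LOG).items():
        print(f"{client}: {len(lookups)} lookup(s), check this device")
        for ts, name in lookups:
            print(f"  {ts}  {name}")
```
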


Apple is facing a Class Action lawsuit over Mac notebooks and more news as Macs continue to fade in performance, reliability and relevance.

https://www.zdnet.com/article/why-wwdc-2018-served-as-macs-death-sentence/?ftag=TRE-03-10aaa6b&bhid=2219791


INTEL Generation 8, a Giant Leap in desktop Power


