FBI Issues Warning About VPNFilter Router Attacks

Charles Killmer | Cybersecurity & Compliance, Financial IT, Healthcare IT

The FBI recently issued a warning about a malware attack specifically targeting “consumer-grade” routers. The malware, called VPNFilter, is believed to have originated in Russia. The routers believed to be affected are models that can typically be purchased at retailers like Best Buy or that are provided by internet service providers (ISPs) like Spectrum, Time Warner and Charter.

This malware has not been found to affect commercial-grade Cisco or Juniper routers like the ones used by Netgain. If the vulnerability were found to affect any Cisco or Juniper products, Netgain would update those devices at no charge, regardless of any known vulnerabilities in the specific products we deploy and manage. As part of general maintenance, all Netgain-managed routers receive regularly scheduled firmware updates to ensure that they have the latest updates and patches installed.

If you or any one of your staff has one of the following router models installed at home, it is important to take action. Even though these devices might be found in your users’ homes, you may be putting your business at risk if they connect to your network. We highly recommend educating your staff and requesting they check their home routers against the list of affected devices.

Here is the most up-to-date list (at time of posting) of router models with known vulnerabilities. (Note that this is likely an incomplete list and that other devices could be affected.)

  • LINKSYS: E1200, E2500, WRVS4400N
  • NETGEAR: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
  • TP-LINK: R600VPN
  • MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS: 1016, 1036, 1072
  • QNAP: TS251, TS439 Pro, Other QNAP NAS devices running QTS software

What to do if your router is affected

  • FIRST: contact your internet service provider (ISP)–Spectrum, Time Warner, Charter, Comcast, etc.–for recommended next steps
  • Reboot your router — unplug the router, wait 30 seconds and then reconnect the router to power
  • Change the default password of your router and document it in a secure location — some vulnerabilities take advantage of the fact that people leave the default password enabled; do a quick Google search if you’re unsure how to change your router’s default password
  • Visit the manufacturer’s website to check for firmware updates quarterly — the manufacturer’s website should also let you know if your device has reached end-of-support stage and will no longer be updated
  • Remember that this device is the first line of defense against hacking into your network, and if it is not configured properly you could be allowing anyone to access anything stored on your PC or Apple computer
  • Newer computers and phones have an integrated firewall that is enabled by default — this gives you an additional layer of protection, but it requires updates, too!
  • Think about enabling a free web filtering service such as OpenDNS Family Shield
  • If you need additional assistance, contact your family’s designated “tech geek” or call your local GeekSquad for help

 

If you’re interested in the full technical breakdown of the attack, read this article.