20 Jun Cybersecurity alert: VPNFilter Malware
Hackers have infected more than 500,000 home and small-office routers around the world with malware. The malware, called VPNFilter, works on consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link, and on network-attached storage devices from QNAP.
The following list of affected devices was published by Symantec:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Recommended Solutions by Cisco and Symantec
- At a minimum, Symantec said, users of these devices should reboot their devices.
- A more invasive step is to do a factory reset, a process that typically involves holding down a button on the back of the device for 5 to 10 seconds. Unfortunately, these resets wipe all configuration settings stored in the device, so users will have to reenter the settings once the device restarts. Users should do this with the guidance of the manufacturer or Internet Service Provider.
- Users should change all the default passwords, update the device's firmware, and disable Remote Administration if possible.
- If you own your device, check in with the manufacturer for advice.
- If you rent one of these affected devices from your Internet Service Provider, reach out to them to make sure your device is up-to-date.
Please direct your questions towards your manufacturer. When in doubt, replace your device with one not listed in the affected devices list.
- Ars Technica reported on 5/23/18 – https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
- Cisco Talos Blog written on 5/23/18 – https://blog.talosintelligence.com/2018/05/VPNFilter.html
- QNAP Security Advisory published 5/24/18 – https://www.qnap.com/en/security-advisory/nas-201805-24
- Symantec blog published on 5/23/18 – https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware