Tech

VPNFilter malware that attacks routers is far more dangerous than thought

Want create site? Find Free WordPress Themes and plugins.

Disclosure

Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps support our work.

D-Link DIR-300, one of the devices affected by the VPNFilter malware.
D-Link DIR-300, one of the devices affected by the VPNFilter malware.

Image: D-Link

VPNFilter, a recently discovered malware that attacks routers and switches, is far more dangerous than originally thought. 

Cisco Talos, which first posted information about VPNFilter in May, has now updated its blog with new findings about this threat, and the results are not good. 

Originally, Cisco Talos said that VPNFilter attacks several brands of home and small office routers — namely Linksys, MikroTik, NETGEAR and TP-Link — as well as QNAP’s NAS devices, with the ability to steal certain types of data and render infected devices unusable. 

“In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints,” Cisco Talos wrote in a post dated Wednesday. 

The list of routers affected has increased significantly and now includes devices from ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. 

As for VPNFilter’s additionally discovered capabilities, they include bypassing SSL encryption and thus stealing sensitive data, injecting malicious content into normal web traffic and infecting other devices on the network. 

According to Cisco Talos, the malware is mostly active in Ukraine. This is interesting given the recent joint cybersecurity alert by the UK and U.S. authorities, warning of “malicious cyber action” by the Russian government, which is allegedly exploiting vulnerabilities in routers and switches to steal sensitive data. 

Even if you’re located outside of Ukraine, it does not mean you’re safe. VPNFilter’s behavior is unpredictable and anyone with an affected device should take measures to protect themselves. 

Cisco Talos has a list of affected devices here (scroll down to “Known Affected Devices”), and it’s not a short one. If you have any of the router models on that list, Symantec recommends you reboot it immediately, which will partially get rid of the threat, and then update its firmware, if an update is available. A hard reset of the device should get rid of VPNFilter completely, but it will also reset your configuration details. Note that even if you remove the threat in this way, your router will still stay vulnerable to this threat until a fix is applied. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f85909%2f1071142c 3cac 4918 b056 883e8357b9ac

Did you find apk for android? You can find new Free Android Games and apps.
Advertisements
Show More

Related Articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close
Close