The United States Federal Bureau of Investigation (FBI) is urging everyone who operates a home or small office router — which likely includes most households and small businesses with Internet connections — to reboot their devices as soon as possible.
According to a formal Public Service Announcement made by the FBI on Friday, foreign hackers using malware known as VPNFilter have potentially compromised hundreds of thousands of routers and other networked devices all over the world. While cybersecurity experts are still analyzing VPNFilter to understand the full scope of its capabilities and intended mission, there is now agreement that, at a minimum, the malware lets criminals surreptitiously collect information (for example, by stealing login and password information when people visit websites over the Internet connection provided by the router) and block network traffic, thereby rendering routers nonfunctional.
In many cases, rebooting a router will dramatically reduce the danger to users, since portions of VPNFilter need to be reinstalled after a reboot, and the FBI has apparently seized and disabled one of the servers that criminals were using for that purpose. (Note: a full reinfection is still possible, but criminals would have to expend significant effort to successfully reinfect a device, and may be more likely to move on to other attacks.) It is also a good idea, both in general and to protect against VPNFilter, to keep your network devices up to date with the latest available official firmware versions, and to disable remote management capabilities. Also, be sure to change all default router passwords to strong passwords. (To learn how to make strong passwords that are easy to remember, please see the article How to Create Strong Passwords That You Can Easily Remember.)
VPNFilter is believed by the FBI to have been created by a Russian group known as “APT28,” state-sponsored hackers sometimes known as “Sofacy” or “Fancy Bear,” who are also believed to have run various election-related cyber-campaigns during the 2016 US presidential election season.
According to researchers at Cisco Talos, the devices known to be affected by VPNFilter are routers made by Linksys, MikroTik, Netgear, and TP-Link. However, because the list known to date may not be a complete list of all vulnerable models, because some users may not correctly identify the model numbers of the devices they use, and because rebooting a router is simple and usually takes under a minute, the FBI is recommending that everyone reboot regardless of what device he or she is using.
For those who are interested, a full list of known vulnerable devices, as well as a technical discussion of the malware, is available via the Cisco Talos blog.
One additional note: Netgear mentions on its website that “According to our understanding of Cisco Talos’s investigation, this malware most likely targets existing vulnerabilities for which we have already released firmware fixes.” Let that statement serve as yet another example of why it is important to keep firmware up to date.