Slingshot Help Desk personnel monitor cyber security alerts from vendors, researchers and government agencies to respond quickly to threats to our Computer Support and Services clients and their IT networks.
“VPNFilter” is among the latest malware of significance detected and reported. This threat is unusual in that it attacks SOHO (Small Office Home Office) routers and Internet facing NAS (Network Attached Server) servers and not computers themselves. Talos Intelligence reports “infected devices to be at least 500,000 in at least 54 countries.” US-CERT, the FBI and DHS have all released alerts on this attack.
IT Networks with routers that have outdated firmware and continue to use the original default username and password (admin, password, 123456) are most susceptible to intrusion. Once the router or NAS is breached, the exploit can begin recording sensitive network traffic and data, leverage DDoS attacks on other networks or destroy (brick) the host device by overwriting its bios. This cyber threat is especially difficult to protect against as routers and NAS servers are, by design, exposed to the Internet without the layers of protection that network computers are secured with.
Devices Impacted
Below is a list from Symantec of devices that the “VPNFilter” exploit has proven to be capable of infecting. This list was current a few days ago but will certainly grow as research and reporting continues. Keep in mind that every router should routinely have it's firmware updated. Just because yours is not on this list does not guarantee that it is not vulnerable.
Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
Steps to Protect Your Network
Our technical support engineers have compiled this step by step process to protect your network.
If you suspect in the slightest way that your device may already be infected, perform a hard reset on the router to revert it back to factory settings then reconfigure from scratch.
Restart the router to temporarily disable the malware.
Update the router’s firmware with the latest available version from the manufacturer’s website.
Change the router’s password to an 8 to 10-character, unique, complex password.
Even if you have a good password, now is the time to update it.
Disable remote management and access to your router or NAS.
If your router is five or more years old, it is time to consider replacing it with newer, faster and more secure technology.
Slingshot uses RMM (remote monitoring and management) and patch management technologies to maintain and secure client networks. None are threatened by this new exploit as all their software and hardware are properly patched and updated with the latest security fixes. All equipment and network access are secured with long, complex and unique passwords. Contact us today for help with your North Shore business network.
For details on how to address issues on your devices click the manufacturer's links below.