
Foreign Cyber Actors Target Home and Office Routers and Networks

May 30, 2018 02:07PM ● By Staff Writer

The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.

Technical Details

The size and scope of the infrastructure impacted by VPNFilter malware are significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.

Threat

VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.

Defense

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and to secure them with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

The FBI recommends the following:

If you are using a higher-level firewall, such as Cisco ASA or SonicWall TZ series, no action should be needed.

If you are using a home or small business level router, specifically Linksys, MikroTik, Netgear and TP-Link brands, you should at a minimum reboot your router to disrupt the malware. To do this, simply unplug the device for a few minutes and then plug it back in.

If you are using any of the following specific routers, it is also recommended that you factory reset the device and do a firmware update. This process will remove all settings in your router, and it will need to be fully set up again.

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN