Malware News: 5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

LASER_oneXM · Level 37 · Thread author · Verified · Top Poster · Well-known · Feb 4, 2016 · 2,520
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.

News of how the Russians are alleged to have infected more than 500,000 home routers worldwide via the VPNFilter malware broke last week, leaving home users and security managers scratching their heads about how best to lock themselves down.

Craig Williams, director of Talos outreach, a leading member of the Cisco Talos research team that discovered the malware, says most SOHO users simply need to reboot their routers and do a firmware upgrade.

“The good news based on our research is that VPNFilter used common hacking techniques on common vulnerabilities,” Williams says. “This was not a zero-day attack.”

According to a recent Symantec blog post, VPNFilter is a three-stage malware.

Stage 1 gets installed first and is used to maintain a persistent presence on the infected device; it will contact a command and control server to download further modules.

Stage 2 contains the main payload and does file collection, command execution, data exfiltration and device management. It also has a destructive capability and can effectively "brick" the device if it receives a command from the attackers. It does this by overwriting a section of the device’s firmware and rebooting, rendering it unusable.
...
....
...
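The article quoted above describes stage 1 of VPNFilter as the component that keeps a persistent presence on the router and contacts a command-and-control server to fetch further modules. From the LAN side, a defender who forwards the router's own syslog or firewall log to another machine can look for exactly that behaviour: the router's own address opening outbound sessions to hosts that are not its vendor's update or NTP servers, and those sessions reappearing after a reboot. The script below is an added example written for this page; it is not code from the thread, from Cisco Talos or from Symantec. The log format, the addresses, the allowlist and the sample lines are all constructed for the demo and are not VPNFilter indicators.

```python
"""
Flag outbound connections made by a SOHO router itself and check whether
they resume after a reboot.  Added example; everything below (log format,
addresses, host allowlist, sample log) is constructed for illustration.
"""
import re
from collections import defaultdict

# Assumed log format (constructed), one event per line:
#   <ISO timestamp> <host> boot
#   <ISO timestamp> <host> fw: OUT src=<ip> dst=<ip> dport=<port>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<body>.*)$")
CONN_RE = re.compile(
    r"fw: OUT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed sample: two boot epochs; the router keeps contacting one
# unexpected host (198.51.100.7) before and after the reboot.
SAMPLE_LOG = """\
2018-05-25T08:00:00 router boot
2018-05-25T08:00:05 router fw: OUT src=192.168.1.1 dst=192.0.2.10 dport=123
2018-05-25T08:00:09 router fw: OUT src=192.168.1.1 dst=198.51.100.7 dport=80
2018-05-25T08:30:00 router fw: OUT src=192.168.1.1 dst=198.51.100.7 dport=80
2018-05-25T08:45:00 router fw: OUT src=192.168.1.22 dst=203.0.113.5 dport=443
2018-05-25T09:00:00 router boot
2018-05-25T09:00:07 router fw: OUT src=192.168.1.1 dst=192.0.2.10 dport=123
2018-05-25T09:00:11 router fw: OUT src=192.168.1.1 dst=198.51.100.7 dport=80
2018-05-25T09:15:00 router fw: OUT src=192.168.1.1 dst=203.0.113.99 dport=8080
"""

ROUTER_IP = "192.168.1.1"
# Hosts the router is expected to contact on its own (constructed placeholder
# standing in for the vendor's update server and an NTP server).
EXPECTED_DESTINATIONS = {"192.0.2.10"}


def parse_log(text):
    """Return a list of ('boot', ts) or ('conn', ts, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        body = m.group("body")
        if body == "boot":
            events.append(("boot", m.group("ts")))
            continue
        c = CONN_RE.search(body)
        if c:
            events.append(("conn", m.group("ts"), c.group("src"),
                           c.group("dst"), int(c.group("dport"))))
    return events


def router_outbound_report(events, router_ip=ROUTER_IP,
                           expected=EXPECTED_DESTINATIONS):
    """
    Return {dst: {"count": n, "boots_seen": k}} for outbound sessions whose
    source is the router itself and whose destination is not allowlisted.
    boots_seen counts the distinct boot epochs in which the destination was
    contacted; a value above 1 means the contact survived at least one reboot.
    """
    report = defaultdict(lambda: {"count": 0, "boots_seen": 0, "_epochs": set()})
    epoch = 0
    for ev in events:
        if ev[0] == "boot":
            epoch += 1  # a new epoch starts at every logged boot
            continue
        _, _ts, src, dst, _dport = ev
        if src != router_ip or dst in expected:
            continue  # LAN client traffic and expected vendor/NTP traffic are ignored
        entry = report[dst]
        entry["count"] += 1
        entry["_epochs"].add(epoch)
    for entry in report.values():
        entry["boots_seen"] = len(entry.pop("_epochs"))
    return dict(report)


def persistent_contacts(report):
    """Destinations the router kept contacting across a reboot (sorted)."""
    return sorted(dst for dst, e in report.items() if e["boots_seen"] > 1)


if __name__ == "__main__":
    rep = router_outbound_report(parse_log(SAMPLE_LOG))
    for dst, e in sorted(rep.items()):
        print(f"{dst}: {e['count']} session(s), seen in {e['boots_seen']} boot epoch(s)")
    print("persistent across reboot:", persistent_contacts(rep))
```

On the constructed sample the report flags two destinations, and only 198.51.100.7 is reported as persistent: it is contacted in both boot epochs, which is the pattern a reboot alone does not clear and which the thread's later replies (factory reset, then firmware update) are about. A host seen in only one epoch, like 203.0.113.99, still deserves a look, but it is not evidence of persistence by itself.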
 

Lightning_Brian · Level 15 · Verified · Top Poster · Content Creator · Sep 1, 2017 · 742
Factory reset is best. Then conduct frequent firmware updates! A "reboot" in this situation will not eliminate everything, in my humble opinion. A factory reset will reset everything back to how it came from the manufacturer. NOTE: Please take all of the vendor's cautions about a factory reset (I will not be held liable in any way, shape or form)! Yes, a factory reset can be a pain... However, one cannot be too cautious! Especially in the times that we live in! Even though my Asus router wasn't part of the massive alert, I still performed a factory reset. I'm taking no chances, even though I felt as though I was 1000% in the clear with all of the precautions I take.

~Brian
 

ForgottenSeer 58943

Frequent updates are the bane of hackers and intelligence types. The reason is, these updates can cause their methods to either exhibit instability, break, or in some cases be rendered completely useless. This is an old trick from the old days of the software industry, where we would patch something frequently and it would break the cracks. If you patched it enough, crackers would get dismayed/bored and stop, and/or end users would BUY the product simply to get the latest and greatest updates.

The same sort of thing applies to hardware and frequent updates. This is why for ASUS I recommend Merlin FW, as he updates it much more often than ASUS proper, therefore you have the added protection of frequent updates.

The golden rule with hardware is: if you can't update it, you reset it. If you still can't update it, you throw it out. It's compromised.

If you are paranoid (or intelligent/savvy) you might perform regular factory resets and FW reinstalls on ALL of your gear. I wipe my Android phone and Windows PC and perform Powerwashes (Chromebook) every 30 days, like clockwork. Powerwash takes 15 seconds. Win10 reset on my M.2 systems takes 12 minutes. Android phone resets and restores take 30 minutes and it is mostly automated.
 

upnorth · Moderator · Verified · Staff Member · Malware Hunter · Well-known · Jul 27, 2015 · 5,459
@Lightning_Brian I agree. The reboot advice sux hard IMO, especially since the real issue is still present. Then on the other hand, if companies/vendors play the "I know nothing" game, the customers are screwed big time anyway.

 