Welcome to MySwag.org - Australia's #1 Off-road Camper Trailer Forum.

Estimated 500,000 routers infected with VPNfilter Malware

Started by Troopy_03, May 26, 2018, 03:14:24 PM

Troopy_03

Did a search and didn't see any other mention, apart from a 6-year-old thread on a similar thing.
https://www.cnet.com/news/us-takes-aim-at-russian-hackers-who-infected-over-500000-routers/

Very interesting report.
4.2L TD Toyota Troopy, (Clarke's Country Camper Trailer, softfloor.) sold it and bought an Avan Ray small poptop caravan.

D4D

Interesting, if it is the same vuln I think it is, Cisco quietly released an update for this a few months ago.
I owe, I owe, it's off to work I go...

Prado Garage Queen

bodgie

Cisco identified this malware, info is available here:

https://blog.talosintelligence.com/2018/05/VPNFilter.html

Some key extracts from this report:

Quote: The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.

Quote: Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.

Quote: The type of devices targeted by this actor are difficult to defend. They are frequently on the perimeter of the network, with no intrusion protection system (IPS) in place, and typically do not have an available host-based protection system such as an anti-virus (AV) package.

We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward. All of this has contributed to the quiet growth of this threat since at least 2016.

If you have an impacted router from Linksys, Netgear, TP-Link or Mikrotik (which isn't very common in Oz), I'd be checking for an update from the manufacturer's website to see if they have a fix for your router/modem.

If the device is more than 2 years old, I'd be very doubtful there will be an update. Unfortunately this will mean that your router is vulnerable and possibly infected.

Best advice I can offer is to not use old and unsupported (no updates available) IT equipment as it is becoming increasingly risky to both you, and other users of the Internet.