IT Solutions Blog

5 Actions to Protect Against VPNFilter Malware

Posted by Rose Doherty on Jun 11, 2018 10:05:00 AM


Cisco's Talos threat intelligence group has reported that VPNFilter malware is more dangerous than initially thought. The FBI is urging the public to take steps to protect against VPNFilter and improve router security. We step you through the 5 actions you need to take now.

What is VPNFilter?

On May 23, Talos, the threat intelligence division of the tech giant Cisco, announced a new malware now known as VPNFilter. The threat is now being called a "man-in-the-middle attack, which allows attackers to modify traffic going through as many as 500,000 routers globally," said Craig Williams, Cisco Talos outreach lead.

According to Williams, "It can look for things like credit card numbers, banking credentials. Considering it's man-in-the-middling all of the traffic, it could even modify pages coming back from your bank if they don't protect against that, meaning they could steal money from you while showing you the right amount at home."

Routers infected with VPNFilter are capable of: 

  • Preventing internet access 
  • Rendering an infected device unusable
  • Collecting highly sensitive personal information
  • Enlisting your device to spread the malware

To date, VPNFilter has targeted home and small office-type routers. Talos has added several new router models to the list of potentially affected devices, and confirmed that as of today, no Cisco devices have been infected.  

5 Actions to Protect Against VPNFilter 

There is no way to be sure if your router is infected without specialized tools, so the FBI is recommending that everyone perform a reboot of their router immediately. This is an important first step, but security experts are encouraging people to follow all 5 of the actions listed below to protect against VPNFilter and increase router security.

1. FBI Urges Public to Reboot Router Immediately

If your router is infected with VPNFilter, rebooting will remove Stage 2 and any Stage 3 elements present on the device. This will temporarily remove the destructive component of VPNFilter. However, if infected, the continuing presence of Stage 1 means that Stages 2 and 3 can be reinstalled by the attackers unless you complete all of the recommendations listed below.  

  1. Reset to factory default 
  2. Reboot device

2. Update Your Firmware

Router manufacturers continuously roll out security updates to address known vulnerabilities. If your router has the latest updates, you're much less likely to be infected with VPNFilter, which takes advantage of known vulnerabilities. If your router allows for automatic updates, make sure you have this feature enabled.

3. Create a Strong Password

Be sure to create strong passwords. The default credentials provided when you purchase the router are easily stolen by hackers. Strong passwords have a minimum of 8 characters and include both upper- and lower-case letters, numbers, and symbols. Change passwords frequently, keep them confidential, and never use the same password twice.

4. Disable Remote Management Settings

If you don't use Remote Management for your router, turn this feature off. This denies access to the router's control panel from outside your home network. This feature is typically off by default, but you should confirm this in your settings.

5. Enable Encryption 

The first line of defense for your wireless network is encryption, which encodes the data transmitted between your PC and your wireless router. Many routers ship with encryption turned off, and many users don't turn it on, leaving themselves completely exposed. Enable your router's encryption, and use the strongest form supported by your network. The Wi-Fi Alliance has just announced new enhancements in configuration, authentication and encryption standards for Wi-Fi CERTIFIED devices in 2018.  


To learn how to implement a multi-layered cybersecurity plan for your business, call us at 877-843-5767 or visit our website at www.intellisuite.com.
