
Newly Discovered Malware Called VPNFilter is Targeting at Least 500K Networking Devices Worldwide

Cisco's security arm, Talos, today revealed several months of research on a sophisticated modular malware system dubbed "VPNFilter." Talos says it has been working on the case with public and private sector threat intelligence partners as well as law enforcement. Although the research is still underway, the research team decided, given the nature of the potential threats, to share its findings now so that affected parties can take appropriate action.

"Both the scale and the capability of this operation are concerning," says a blog post published today by the Talos team. It continues: "Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide."

Update May 24, 2018: NETGEAR submitted the following statement:

NETGEAR is aware of a piece of malware called VPNFilter that might target some NETGEAR routers. According to our understanding of Cisco Talos’s investigation, this malware most likely targets existing vulnerabilities for which we have already released firmware fixes.

To protect against this possible malware, we strongly advise all NETGEAR router owners to take the following steps:

To make sure that remote management is turned off on your router:

  1. On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter.
  2. Enter your admin user name and password and click OK.
    If you never changed your user name and password after setting up your router, the user name is admin and the password is password.
  3. Click Advanced > Remote Management.
  4. If the check box for Turn Remote Management On is selected, clear it and click Apply to save your changes.
    If the check box for Turn Remote Management On is not selected, you do not need to take any action.

NETGEAR is investigating and will update this advisory as more information becomes available.
