As most of you know, Finish Line’s “World Headquarters” is my house in Brookfield, Connecticut. On May 15th, Mother Nature unleashed her fury on our town with a tornado or macroburst (tomato, tomatoe) that caused an incredible amount of damage to trees and structures. We’re talking tens of millions of dollars in damage from a storm that lasted less than seven minutes. Just incredible! We were certainly blessed as we didn’t receive any damage, and only lost power for twenty four hours. The Internet was out for a week, but we kept the business afloat as best we could. Now that most of us are back online, a new threat has emerged targeting home and small business routers that can, at best, cut us off from the world wide web once again.
On May 25th, the FBI released a Public Service Announcement regarding a foreign threat that is impacting home and office routers and networked devices worldwide. To put it simply, we’re all potential targets. The alert points to VPNFilter malware that is “able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.” Hackers are able to prevent routers from functioning, and can potentially intercept information passing through the router. If you’d like to read the FBI’s warning for yourself, click here.
After doing some digging, it seems that there are three stages to the VPNFilter malware. Stage one attaches itself to the router, and, unlike most of these attacks, won’t go away if the router is rebooted. This paves the way for stage two, which includes data collection and device management. Part of stage two’s malware overwrites the device’s firmware, reboots it, and causes the device to become inoperable. Unlike phase one, phase two won’t survive a reboot. Stage three adds additional firepower to stage two, including traffic collection and website certificate stealing. Devices known to be affected by this malware include Linksys, NETGEAR, TP-Link, and MikroTik. If the brand of your router isn’t on the list, don’t get too excited, however, as there are an estimated 500,000 infected devices among 54 countries. Research is ongoing, but this is what we know thus far.
VPNFilter malware is extremely dangerous in that there isn’t much that can be done to prevent and later eradicate the infection. The two quickest (and easiest) steps you can take is to 1) reboot your router, and 2) check for and install any updates that may be available for your router. To reboot the router (modem/router if that applies to your environment), simply pull the power cord out of the router, wait thirty seconds, and plug it back in. You’ll need to wait a few minutes before you may connect to the Internet again. Many routers are packaged with software that allows you to manage the router’s settings on a computer or smartphone. That software will regularly check for firmware updates for your router, or you may check for them yourself. Install any that are available. You can also search on your favorite web browser for firmware updates. Simply type in the make and model number of your router, and the word “update”. You’ll be directed to a download link that will allow your device to be kept up-to-date.
While the rest of us sleep, the bad guys never seem to take a rest. Sometimes it seems hopeless, but we good guys will get the last laugh in the end. It’s scary when you think of just how much of our lives depend on the Internet. Everything is done online, and it’s very unnerving to know that we could just be going about our business and suddenly be shut down (or worse). The good news is that you’ll be hearing a lot more about this particular infection, and the product manufactures are working around the clock to make sure that we’re all safe.