Did You Know Your Router Can be Infected?

A new type of malware is targeting routers in what is considered a large enough threat that even the FBI is addressing it. Even worse, a router isn’t necessarily a device you’d think would be vulnerable to attack from a hacker. What can you do to keep your business’s internet access points secure from hacking attacks? Let’s dig in to the details about what the VPNFilter malware does and how you can address it.

Explaining VPNFilter
VPNFilter targets consumer and small business grade routers. It’s thought that the VPNFilter malware originated from a hacking group called Sofacy. The malware itself takes three steps to become an issue for your organization.

First, the malware sets itself up so it will persist even if the device is rebooted or turned off. The second stage of the attack consists of the malware installing permissions for itself to change router settings, manage files and execute commands. This allows the router to essentially self-destruct, leading to intermittent and possibly full loss of internet connectivity. The third stage of this malware lets the hackers look at the data packets passing to and from the device, as well as issuing commands and communicating through the Tor web browser.

The reason the FBI recommends resetting your router is because the second and third steps are wiped when you do so, but the first stage remains regardless.

Is Your Router Affected?
While not all routers are affected, there’s still a sizeable list of confirmed contaminated devices. Some of the affected brands include:

Asus
D-Link
Huawei
Linksys
MikroTik
Netgear
TP-Link
Ubiquiti
Upvel
ZTE

For a comprehensive list of affected devices, you can see specifics for each brand at Symantec’s website: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

How to Fix It
The best way to resolve these issues with VPNFilter is to perform a factory reset for your router, which completely deletes anything installed during the first stage of the threat. If the router’s manufacturer has released a patch for the vulnerability, you can also install it following a factory reset so you’ll never have to deal with this vulnerability again.

For more updates and tips on some of the latest threats, keep an eye on our blog. If you think your router is susceptible to VPNFilter, contact Advisors Tech at 844.671.6071 for a full analysis.