
posted by janrinok on Saturday May 26 2018, @01:44AM   Printer-friendly
from the taking-the-ball-away dept.

More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco's Talos Intelligence Group warn. The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords, and can monitor industrial control systems.

An attack would have the potential to cut off internet access for all the devices, William Largent, a researcher with Talos, said Wednesday in a blog post.

Late Wednesday, the FBI received court permission to seize an internet domain that the Justice Department says a Russian hacking group, known as the Sofacy Group, was using to control infected devices. The group, which also goes by the names APT28 and Fancy Bear, has targeted government, military and security organizations since at least 2007.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," Assistant Attorney General for National Security John Demers said in a statement.

Attacks on routers strike a nerve not only because they can halt internet access, but also because hackers can use the malware to monitor web activity, including password use. In April, US and UK officials warned about Russian hackers targeting millions of routers around the world, with plans to carry out massive attacks leveraging the devices. In that announcement, the FBI called routers a "tremendous weapon in the hands of an adversary."

[...] The Cyber Threat Alliance, which Cisco is a member of, has briefed companies about the destructive malware, calling VPNFilter a "serious threat." 

"It has destructive capability. The malware's flexible command structure gives the adversary the ability to use it to 'brick' these devices. That's not a capability usually built into malware like this," Cyber Threat Alliance President Michael Daniel said.

Talos is recommending that people reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.


  • (Score: 4, Insightful) by black6host (3827) on Saturday May 26 2018, @02:16AM (#684315)

    Talos is recommending that people reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.

    Because we all know that factory defaults are the most secure, and strongly password and admin name protected! (I mean, who would think of entering nothing? Nobody, that's who!) Ok, maybe I'm exaggerating. I hear that admin and (nothing) for password are pretty effective.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday May 26 2018, @04:29AM (#684361)

    The reason they want you to reset it to factory defaults is because the malware survives a reboot. If you don't reset it to factory defaults, the malware is still there waiting to be activated once again.

  • (Score: 2) by crafoo (6639) on Saturday May 26 2018, @11:17AM (#684459)

    Well they couldn't just say, "reset your routers to the default NSA-backdoored state", could they? At least they are still trying to hide it under the guise of protecting our best interests. For now.