
posted by janrinok on Saturday May 26 2018, @01:44AM
from the taking-the-ball-away dept.

The malware, called VPNFilter, has infected more than 500,000 routers in 54 countries, researchers say.

More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco's Talos Intelligence Group warn. The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords, and can monitor industrial control systems.

An attack would have the potential to cut off internet access for all the devices, William Largent, a researcher with Talos, said Wednesday in a blog post.

Late Wednesday, the FBI received court permission to seize an internet domain that the Justice Department says a Russian hacking group, known as the Sofacy Group, was using to control infected devices. The group, which also goes by the names APT28 and Fancy Bear, has targeted government, military and security organizations since at least 2007.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," Assistant Attorney General for National Security John Demers said in a statement.

Attacks on routers strike a nerve not only because they can halt internet access, but also because hackers can use the malware to monitor web activity, including password use. In April, US and UK officials warned about Russian hackers targeting millions of routers around the world, with plans to carry out massive attacks leveraging the devices. In that announcement, the FBI called routers a "tremendous weapon in the hands of an adversary."

[...] The Cyber Threat Alliance, of which Cisco is a member, has briefed companies about the destructive malware, calling VPNFilter a "serious threat."

"It has destructive capability. The malware's flexible command structure gives the adversary the ability to use it to 'brick' these devices. That's not a capability usually built into malware like this," Cyber Threat Alliance President Michael Daniel said.

Talos is recommending that people reset their routers to factory defaults to remove the potentially destructive malware and update their devices as soon as possible.

  • (Score: 1) by anubi on Saturday May 26 2018, @03:40AM (8 children)

    by anubi (2828) on Saturday May 26 2018, @03:40AM (#684338) Journal

    the FBI called routers a "tremendous weapon in the hands of an adversary."

    I posit that *anything* with remote backdoors, whose security is nothing more than obscurity, is a "tremendous weapon in the hands of an adversary."

    If we are of the meme of "One World, One OS", the weapon is global in scope.

    Now, trying to get several billion people to push a button on the back of their machine to accept an update, well that's gonna take some doing.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 0) by Anonymous Coward on Saturday May 26 2018, @10:31AM (7 children)

    by Anonymous Coward on Saturday May 26 2018, @10:31AM (#684438)

    We tried an update from Netgear a few years ago. It bricked the router, and we tried several ways to revert with no luck. Called customer service who offered to fix remotely for something over $100 -- more than the router cost in the first place. A bit of internet searching found many others with the same complaint.

    Yes, I'm hesitant to ...
    > push a button on the back of their machine to accept an update, ...

    • (Score: 1) by anubi on Saturday May 26 2018, @10:56AM (6 children)

      by anubi (2828) on Saturday May 26 2018, @10:56AM (#684447) Journal

      The alternative is they do it behind your back... and you suddenly come in one day and your stuff doesn't work.

      Just like all those WIN7 users that got surprise updates to WIN10. (I am not one of them... still on WIN7.)

      (A thank-you goes out to Steve Gibson of Gibson Research, who gave me a lot of hints on how to avoid the eventual takeover.)

      Now it's a big guessing game over what's not working and why.

      At least, if you can correlate the failure with pushing the button, you know who the culprit is.

      And who to go after.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 1) by anubi on Saturday May 26 2018, @11:07AM

        by anubi (2828) on Saturday May 26 2018, @11:07AM (#684454) Journal

        Oh yes... and the stuff I make, it's based on the Arduino... and mine require a jumper in place on the physical board if you want to overwrite its program.

        You are pretty safe until you install that jumper. Then you have every privilege I have as far as having the machine do what you tell it to do. If worse comes to worse, you may even have to go up the back end of it with a SPI programmer (AVRISP) to reflash the bootloader.

        I remember the old computers I had, whose BIOS was all in EPROM that took an ultraviolet light and a special programmer to rewrite.

        I never had any problem with my machine getting bricked. About the worst they could do to me was make me completely low level format my hard drive, including its boot sector.

        I could always boot and fix from floppy no matter what they did.

        Yes, I am extremely leery of accepting "updates" anymore ever since that FTDI nuking fiasco Microsoft put in their update, which caused me to have to redesign every USB compatible board I made to replace my FTDI chips with CH340's.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 0) by Anonymous Coward on Saturday May 26 2018, @11:23AM (4 children)

        by Anonymous Coward on Saturday May 26 2018, @11:23AM (#684461)

        I'm the former Netgear owner AC.

        Maybe it would have been better to say that I've learned to google any update before installing. If we'd done that before downloading and running that particular Netgear "update", that router would still be in service. And we wouldn't have wasted a couple of hours on the phone with Netgear customer support.

        I'm still on Win 7 too. It was easy to avoid that upgrade--I had already turned off all MS updates and never got any Win 10 upgrade messages from them.

        • (Score: 1) by anubi on Saturday May 26 2018, @12:21PM (3 children)

          by anubi (2828) on Saturday May 26 2018, @12:21PM (#684490) Journal

          Clone your hard drive... (I used CloneZilla) just in case those bastards sneak one in on you.

          That way you can google how they did it, and head them off at the pass when you go back.

          My guess is it ain't gonna be long before using your computer is gonna be like watching TV. A string of ads every few minutes. With likely premium services offered to limit or eliminate the ads. Just like Google / RedTube is doing right now.

          How much would people pay to be able to use a spreadsheet or word processor without popup ads interrupting every three or four minutes?

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by hendrikboom on Saturday May 26 2018, @03:25PM (2 children)

            by hendrikboom (1125) Subscriber Badge on Saturday May 26 2018, @03:25PM (#684548) Homepage Journal

            Last I heard, Google's RedTube is not available in Canada. I wouldn't mind paying so as to be a customer instead of a product.

            • (Score: 2) by Bobs on Sunday May 27 2018, @01:49AM (1 child)

              by Bobs (1462) on Sunday May 27 2018, @01:49AM (#684722)

              Interesting - given that Google is an ad company, and that everything else they do is basically a rounding error from a profit perspective, I am figuring that when you pay a fee to watch YouTube ad-free, they may not show you ads with the videos but they are still tracking what you watch and integrating it into their comprehensive profile of you, to show relevant ads when you browse the web, etc.

              • (Score: 0) by Anonymous Coward on Sunday May 27 2018, @08:30AM

                by Anonymous Coward on Sunday May 27 2018, @08:30AM (#684797)

                It did not surprise me when Google started putting ads into YouTube.

                Now that Microsoft was pressuring everyone to "upgrade" to WIN10, which apparently the user no longer has any say over if or when it gets "upgraded" again, the next logical step to me, being now the customer is fenced in and can't do a damn thing about it, is to start force feeding him ads.

                We have been conditioned for a long time now to be obedient... I don't think too many of us will jump ship, as most are getting too ignorant of the alternatives, and the powers that be will slowly discourage alternatives until we are all hemmed in, just like the priests of old did to the populaces so they could control them.

                Keep the peasants ignorant, and subordinate, and we will rule by proxy, using computers as our compliance monitoring and enforcement agents. Computers which each peasant has in their home and depends on for damn near any communication.