Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.

Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.

Rebooting affected devices will cause non-persistent portions of the malware to be removed from the system. Network defenders should ensure that first-stage malware is removed from the devices, and appropriate network-level blocking is in place prior to rebooting affected devices. This will ensure that second-stage malware is not downloaded again after reboot.

While the paths at each stage of the malware can vary across device platforms, processes running with the name “vpnfilter” are almost certainly instances of the second-stage malware. Terminating these processes and removing associated processes and persistent files that execute the second-stage malware would likely remove this malware from targeted devices.
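One way to run the process-name check described above on a Linux-based device with shell access, as an added example that is not part of the advisory. The function name `find_vpnfilter_procs` and the optional proc-root argument are assumptions of this example, and it goes slightly beyond the text by also matching the string in `argv[0]` and the `exe` link target, since paths vary by platform.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes named "vpnfilter".
# Usage: find_vpnfilter_procs [proc_root]
#   proc_root defaults to /proc; the argument is an assumption of this
#   example so the check can run against a test tree or a mounted image.
# Prints one tab-separated line per match: PID, task name, binary path.
# Returns 0 if at least one match was found, 1 if none.
find_vpnfilter_procs() {
    proc_root="${1:-/proc}"
    found=1
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # comm: the kernel's short task name for the process
        name="$(cat "$dir/comm" 2>/dev/null)" || name=""
        # cmdline is NUL-separated; keep only argv[0]
        arg0="$({ tr '\0' '\n' < "$dir/cmdline"; } 2>/dev/null | head -n 1)" || arg0=""
        # exe: symlink to the on-disk binary, useful for locating the file
        exe="$(readlink "$dir/exe" 2>/dev/null)" || exe=""
        case "$name $arg0 $exe" in
            *vpnfilter*)
                printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "${exe:-${arg0:-?}}"
                found=0
                ;;
        esac
    done
    return "$found"
}

# Run the check when executed directly with the argument "scan".
if [ "${1:-}" = "scan" ]; then
    if find_vpnfilter_procs "${2:-/proc}"; then
        echo "Match found: review the listed PIDs and binary paths." >&2
    else
        echo "No process named vpnfilter found." >&2
    fi
fi
```

A clean result only covers the running second stage; the first stage and any persistent files still need to be checked separately, as the advisory notes.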
