VPNFilter Malware Sinks Its Teeth Into More Routers

The Wi-Fi router-killing malware known as VPNFilter is more than unsafe than previously idea. The malicious code can really infect over 70 different device models, upwards from a mere dozen.

Last month, Cisco warned the public about the malware, which contains a self-destruct function that can brick a device. The visitor estimates that at least 500,000 wireless and broadband routers across the world have and then far been infected.

Since Cisco went public, the company has watched the malware expand its targets, going after products from Asus, D-Link, and Huawei, in addition to attacking more models from Netgear and MikroTik.

On height of all this, Cisco discovered a new capability in VPNFilter; it can secretly inject malicious content over the web traffic that passes through an infected router. The capability lets VPNFilter stage what's called a homo-in-the-middle attack and then it can spy on victims and steal their sensitive data, Cisco's Talos security grouping said in a blog post on Wednesday.

"These new discoveries have shown united states that the threat from VPNFilter continues to grow," it said.

Who congenital VPNFilter isn't definitely known, but the US Justice Department is pointing fingers at Russia; information technology's blamed the malware's development on a land-sponsored hacking group from the Kremlin known as Fancy Acquit or APT28. When Cisco discovered the malware, it noted that the malicious code was spreading at an "alarming rate" in the Ukraine.

What'south clear is that VPNFilter is a disturbing threat. When the malware infects, it can download a module that lets the malicious code intercept and manipulate spider web traffic that passes through the router. Information technology'll besides attempt to downgrade HTTPS encrypted connections to HTTP, then that any sensitive data tin be exposed in articulate text and collected.

VPNFilter targets known vulnerabilities in the routers, many of which are built with weak default passwords or contain unpatched software bugs.

What makes VPNFilter particularly nasty is that information technology's hard to delete. Rebooting your router can temporarily remove the router-bricking and spying functions of the malware, merely non all the malicious code. To fully clear it, you lot'll accept to initiate a hard reset, which will restore the router's factory settings. Withal, to prevent re-infection, you'll accept to wait into patching the router with any security update your vendor can provide. PCMag has a guide for more than details.

A full list of the affected products tin can exist found below.

ASUS DEVICES:

• RT-AC66U (new)
• RT-N10 (new)
• RT-N10E (new)
• RT-N10U (new)
• RT-N56U (new)
• RT-N66U (new)

D-LINK DEVICES:

• DES-1210-08P (new)
• DIR-300 (new)
• DIR-300A (new)
• DSR-250N (new)
• DSR-500N (new)
• DSR-g (new)
• DSR-1000N (new)

HUAWEI DEVICES:

• HG8245 (new)

LINKSYS DEVICES:

• E1200
• E2500
• E3000 (new)
• E3200 (new)
• E4200 (new)
• RV082 (new)
• WRVS4400N

MIKROTIK DEVICES:

• CCR1009 (new)
• CCR1016
• CCR1036
• CCR1072
• CRS109 (new)
• CRS112 (new)
• CRS125 (new)
• RB411 (new)
• RB450 (new)
• RB750 (new)
• RB911 (new)
• RB921 (new)
• RB941 (new)
• RB951 (new)
• RB952 (new)
• RB960 (new)
• RB962 (new)
• RB1100 (new)
• RB1200 (new)
• RB2011 (new)
• RB3011 (new)
• RB Groove (new)
• RB Omnitik (new)
• STX5 (new)

NETGEAR DEVICES:

• DG834 (new)
• DGN1000 (new)
• DGN2200
• DGN3500 (new)
• FVS318N (new)
• MBRN3000 (new)
• R6400
• R7000
• R8000
• WNR1000
• WNR2000
• WNR2200 (new)
• WNR4000 (new)
• WNDR3700 (new)
• WNDR4000 (new)
• WNDR4300 (new)
• WNDR4300-TN (new)
• UTM50 (new)

QNAP DEVICES:

• TS251
• TS439 Pro
• Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

• R600VPN
• TL-WR741ND (new)
• TL-WR841N (new)

UBIQUITI DEVICES:

• NSM2 (new)
• PBE M5 (new)

UPVEL DEVICES:

• Unknown Models* (new)

ZTE DEVICES:

• ZXHN H108N (new)

Source: https://sea.pcmag.com/news/21460/vpnfilter-malware-sinks-its-teeth-into-more-routers

Posted by: morrisonsest1991.blogspot.com

Share this post