The U.S. Federal Bureau of Investigation is warning “any owner of small office and home office routers” of a dangerous new malware hack called VPNFilter, which has infected 500,000 routers in 54 countries.
The VPNFilter hack prevents users from accessing the Internet and allows fraudsters to make off with valuable personal data from online users connected to affected routers, including those from Linksys, Netgear, TP-Link, and MikroTik, according to Talos Intelligence.
The FBI is advising everyone to immediately reboot their routers, a move that makes it more difficult for hackers to disrupt the routers, while also “identifying and remediating the infection worldwide,” by monitoring communications transmitted by infected routers after they’re rebooted, the U.S. Department of Justice stated in a May 25 release.
The malware attack is reportedly the work of a Russia-based hacker group called Sofacy, also known as “Fancy Bear,” the same group known for attacks on the Democratic National Committee in 2016.
What VPNFilter Malware Is Doing
VPNFilter is an especially dangerous malware hack, which forced the FBI to act quickly in order to limit the damage.
“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General Demers says in a statement.
There are two big reasons that the average digital consumer should be concerned, says Alec Rooney, vice president of engineering at Minim, a Boston-based technology platform for connected homes.
“First, your personal security and privacy is at risk,” Rooney notes in an email exchange. “VPNFilter is essentially staging a ground for attacks against your home devices to extract information that could eventually lead to a privacy breach (e.g. spying through a webcam) or identity theft (e.g. extracting your tax return file from your computer).”
The second big reason is the societal risk. “Cisco researchers believe a main purpose of VPNFilter is to form an army of infected connected devices to do bad things,” he warns. “For example, a botnet can make millions of requests to systems that we depend on to cause overload and breakage. Think of hospitals, water systems, electricity grids, public transportation systems, and more. Many of our public systems have digital components that are connected to the Internet, and a botnet attack is a great cause of concern.”
The Route of the Problem
A router is a networking device that is used to transfer data between your computer and other devices.
“Unless proper security precautions are taken, your router can put you in danger of being hacked,” explains Steven J.J. Weisman, a data security expert and author of the Scamicide.com blog, which tracks cybersecurity developments. “If your router is compromised, the security of all of your devices that use the router is in jeopardy.”
The good news is that companies that make routers are constantly developing router security updates. The bad news is that for the most part the companies that produce routers don’t automatically send you those updates.
“You need to look for them and download them yourself,” Weisman explains. “In order to do so you need to use your browser to log into your router using its IP address. Experts advise that you check for updates about every 90 days.”
These links can walk you through the process of updating popular routers:
If that looks like too much work, Weisman advises getting a router that automatically downloads updates. “Among the routers that work automatically to download necessary updates is the highly rated Linksys AC2600,” he says. “Since 2017, Netgear routers provide automatic updating.”
For now, the FBI is getting a grip on VPNFilter, but anyone using a router shouldn’t take anything for granted. Your best bet is to reboot your router and update it with the steps provided above.