FBI Urges Router Reboot To Guard Against State-Sponsored Malware Attack

By Nicholas Gerbis
Published: Tuesday, May 29, 2018 - 4:56pm
Updated: Tuesday, May 29, 2018 - 4:59pm

The FBI has issued an alert warning users to reboot, update and secure their routers as a precaution against a widespread, foreign state-sponsored malware attack.

Experts estimate the malware, called VPNFilter, has infected hundreds of thousands of routers in more than 50 countries.

Once in, VPNFilter can collect data, run commands or disable the router.

Turning routers off and on should disrupt the malware, but users should also install the latest firmware, use strong passwords and encryption, and consider disabling remote management.

Ken Colburn with Data Doctors said that security extends beyond our personal firewalls: "It's for the greater good of the country, because your device can be used to attack other people. Your devices can be used to attack our infrastructure."

The infected routers form a botnet — a collection of Internet-linked devices that are secretly controlled by a third party, often via a command and control center, or "botmaster," that acts as the brains of the operation.

The FBI reported seizing part of the botmaster infrastructure, but advised that precautions are still warranted.

Talos, the cyberthreat arm of networking giant Cisco, reported that VPNFilter's code overlaps with the BlackEnergy malware used in several major cyberattacks in Ukraine last year. Much of VPNFilter's attack, too, is focused in that country.

In a press release and a court order application, the Justice Department said the parties responsible for the attack are part of a group called Sofacy (aka APT28 and Fancy Bear) that answers to the Russian government.

The group has also been named by the Democratic National Committee in its lawsuit regarding the 2016 hack of its emails and phone calls.
