Another recent cyber attack has hit the Internet, but this time the targets are not computers but the network routers themselves. The Russian hackers known as “Fancy Bear” are believed to be behind this attack, which would make it the second big hack they are affiliated with, after the alleged interference in the 2016 US elections. Approximately 500,000 wireless routers have been infected with the malware, called “VPNFilter,” according to cyber security companies Symantec and Talos.
The malware gives the attackers two different capabilities on an infected router. First, it can monitor all Internet traffic passing through the router and extract information from those connections. Second, it gives the hackers access to the router and the ability to switch it off. Theoretically, the hackers could then switch off all 500,000 routers at once in a planned mass cyber-attack. Because the potential for massive disruption is so high, both investigating companies decided to release their findings at this time, even though their investigations into the attack are still ongoing. As a result of the attention brought to this hack, the FBI has stepped in and seized both a domain and a server that were associated with the attack. At this time, the seized server is still receiving data, and the FBI is viewing IP addresses only so that it can continue its investigation.
The malware is designed to first infect the router. Exactly how this is done is still being determined, but the hackers seem to have targeted “older routers with well-known public vulnerabilities” from vendors including Linksys, MikroTik, NETGEAR, QNAP, and TP-Link. Stage two of the attack involves monitoring and data collection. What makes this infection particularly problematic is that an infected router could normally be cleaned up by doing a full reboot. This is not the case with VPNFilter.
As with any hack such as this, it is important to have anti-malware software on all your devices, including not only your computer but also your router. If your router is provided by your ISP, then the ISP has a responsibility to protect the data that passes across it. It should make sure the router has security patches and strong passwords to protect you. If your router is infected, right now the only 100% reliable way of getting rid of the infection is to get rid of the router. As stated earlier, rebooting the router is not a guaranteed way of getting rid of the infection. If you are using an ISP-provided router, you can contact the ISP for a new one. If you are using your own router, it may be necessary to invest in a new one.