Federal Authorities: Reboot Your Router to Stop Russian Malware

It’s not uncommon to reboot your router because of some error or bug, but it’s not often that you need to reboot it in the name of national security. The US government has advised owners of home and small business routers to restart them to neuter a particularly nasty strain of Russian malware that has exploited hundreds of thousands of devices.

The warning comes from the FBI, Department of Homeland Security, and the Department of Justice. The agencies say that a simple reboot can protect you from the “VPNFilter” malware, at least in the short term. VPNFilter is linked to a group of Russian hackers known as Fancy Bear, sometimes called Sofacy Group and APT 28. Many security experts believe the group gets backing from Russian military intelligence (the GRU), or it may simply be part of Russian intelligence. Fancy Bear is perhaps most famous for the spear phishing attack that led to the theft of 50,000 emails from Clinton advisor John Podesta in 2016.

Devices infected by VPNFilter include routers from makers like Cisco/Linksys, MikroTik, NETGEAR, and TP-Link. Some QNAP NAS boxes are also vulnerable to infection. The attackers slipped the malware onto routers that were still using default login credentials with remote access enabled, as well as those that simply had unpatched security vulnerabilities. Most older routers lack an automatic firmware update mechanism, so they’re usually full of security holes. Security firms have published lists of affected routers, but these should by no means be considered comprehensive.

VPNFilter infects routers in stages, but the first one doesn’t do anything malicious. This is just a service that pings a command and control server, allowing the malware authors to load the second and third stage payloads. The second stage includes the primary tools for compromising your network. It supports data exfiltration, command execution, and more. It can also brick the router remotely if it receives a command to do so. The stage three package adds support for snooping on packets as they pass through the router and Tor communication with the controllers.

Rebooting a router clears the “advanced” stages of VPNFilter from a device, but the first stage remains in place. That means Fancy Bear could circle back and re-infect the router with stages two and three. Rebooting is only a temporary solution, so owners of the affected routers should start looking for a more modern replacement.
