It is not uncommon that you might need to reboot your router because of some error or bug, but it’s not often that you need to reboot it in the name of national security. The US government has advised owners of home and small business routers to restart them to neuter a particularly nasty strain of Russian malware that has exploited hundreds of thousands of devices.
The warning comes from the FBI, Department of Homeland Security, and the Department of Justice. The agencies say that a simple reboot can protect you from the “VPNFilter” malware, at least in the short term. VPNFilter is linked to a group of Russian hackers known as Fancy Bear, sometimes called Sofacy Group and APT 28. Many security experts believe the group gets backing from Russian military intelligence (the GRU), or it may simply be part of Russian intelligence. Fancy Bear is perhaps most famous for the spear phishing attack that led to the theft of 50,000 emails from Clinton advisor John Podesta in 2016.
Devices infected by VPNFilter include routers from makers like Cisco/Linksys, MikroTik, NETGEAR, and TP-Link. Some QNAP NAS boxes are also vulnerable to infection. The attackers slipped the malware onto routers that were still using default login credentials with remote access enabled, as well as those that simply had unpatched security vulnerabilities. Most older routers lack an automatic firmware update mechanism, so they’re usually full of security holes. Security firms have published lists of affected routers, but this should by no means be considered a comprehensive collection.
VPNFilter infects routers in stages, but the first one doesn’t do anything malicious. This is just a service that pings a command and control server, allowing the malware authors to load the second and third stage payloads. The second stage includes the primary tools for compromising your network. It supports data exfiltration, command execution, and more. It can also brick the router remotely if it receives a command to do so. The stage three package adds support for snooping on packets as they pass through the router and Tor communication with the controllers.
Rebooting a router clears the “advanced” stages of VPNFilter from a device, but the first stage remains in place. That means Fancy Bear could circle back and re-infect the router with stages two and three. Rebooting is only a temporary solution, so owners of the affected routers should start looking for a more modern replacement.
Rivet Launches Blazing Fast, Intel-Based Killer Wireless-AC 1550 Chip, New Xbox Router
Rivet Networks has launched a new Wi-Fi chip based on an Intel solution, as well as a new, Xbox One-optimized router debuting this spring.
ET Deals: Norton Core Connected AC2600 Secure Wi-Fi Router with One-Year Security Plus for $200
If you're using the default wireless router that your ISP provides, you might be dealing with coverage issues. Certain rooms in your house might drop your connection, or the speed might be terrible. So if you're ready to upgrade to a better wireless router that doesn't compromise one iota on security, consider the Norton Core.
ET Deals Roundup: Luma Wi-Fi Mesh Router for $140, 55-Inch Samsung 4K for only $580 with $225 Gift Card, and more
If you're tired of your Wi-Fi dropping out in certain parts of your house, consider making the jump to a mesh router. Right now, you can save $60 on a three-pack of Luma Home wireless routers at the PCMag shop. You can also snag an affordable 128GB SD card, a 55-inch 4K TV, and so much more with today's best deals.
ET Deals: Save 50 Percent on Luma Home Wi-Fi Mesh Router Three-Pack
Tired of Wi-Fi dead spots in your home? Kick your old wireless router to the curb, and start using the Luma Home Wi-Fi system to get complete coverage. For a limited time, you can save 50 percent on a three-pack from the PCMag Shop.