We are just coming off a long holiday weekend in the United States, which means that many Americans haven't heard the latest alert from US-CERT and other entities regarding the ongoing VPNFilter malware attack on small and home office routers. Here's Fleming Shi discussing the attack with Scott Budman of NBC Bay Area:
Brian Krebs has an excellent post on what devices are affected and how the malware works on his security blog here. He also has some information on how other technologies such as WPS can play into the vulnerabilities of these routers. If you are responsible for securing networked electronics, this is a must-read.
The best action to take is to power down your SOHO routers immediately, to interrupt the payload. Wait for about a minute and then power back up. Apply the latest patches if available and then make sure that none of your devices are using default credentials. Additionally, Netgear advises customers to turn off remote management on the router, and Linksys recommends factory resets on all infected routers.
The FBI has also seized part of the malware command-and-control infrastructure and is working with domestic and international partners to identify and expose the actors behind VPNFilter.
If you'd like to connect with Fleming Shi, SVP of Technology at Barracuda, you can find him on LinkedIn here.
If you need help restarting your router or you are concerned about a possible infection that you cannot clear, contact the tech support team for your device. You may also be able to download a pdf of the user manual by searching the manufacturer's website for the device model.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.
