Routers Are Being Hijacked By A Dangerous Stealth Malware

New analysis suggests that hundreds of thousands of routers are infected with a malicious bug that could be used by a nation-state to bring down large segments of the internet. Wired has the full story, and, fair warning… it’s pretty grim.

We’ve written… perhaps too much about the emerging threats in this new digital age. As a brief catch-up, basically any internet-enabled thing is a potential threat. This is especially true of non-computers. Things like routers or smart outlets and the like are often riddled with security holes. And they’ve been used a many, many times for massive attacks on our infrastructure. But, according to investigative journalist Andy Greenburg, “Home routers have become the rats to hackers’ bubonic plague: An easily infected, untreated and ubiquitous population in which dangerous digital attacks can spread.”

Making matters worse, they are primed to “implode networks across the world.”

Wednesday, Cisco’s Talos security group identified a new type of malware, dubbed VPNFilter. It’s infected more than half a million home and business routers from many of the major brands like Netgear and Linksys.

Moreover, the code is versatile, allowing to work as a means of surveillance. Together, they create a shadow virtual private network, allowing the hackers to obscure themselves and their locations as they launch attack after attack. Finally, at any point they can be triggered to brick the devices and cripple the networks that they’re connected to.

“This actor has half a million nodes spread out over the world, and each one can be used to control completely different networks if they want,” Craig Williams, lead of the Talos team told Wired. “It’s basically an espionage machine that can be retooled for anything they want.”

It’s hard to overstate the potential risks, too. VPNFilter can divert and copy traffic, which is exactly what makes the malware so useful for spying. While your first concern might be your credit card data (and yeah, that’s definitely important) the report suggests that it’s far more likely that the cause is a state actor. And, given that the majority of the breaches are in the Ukraine, it’s likely that Russia is involved.

“When you combine the factors at play here, the destructive nature of the malware, and the targeting of Ukraine, this gives you pretty high confidence someone is trying to do bad things in Ukraine again,” Williams says.

Perhaps worst of all, though, is that the infection is spreading rapidly. Since just a few days ago, the attacks have been growing and spreading.
The Ukrainian government has issued a statement (in Ukrainian) pointing the finger at Russia, and given all the factors at play, that’s not a stretch, but it’s also far from confirmed.

“Specialists of the SBU believe that the infection of equipment in the territory of Ukraine is preparation for another act of cyber meddling on the part of the Russian Federation, aimed at destabilizing the situation during the Champions League finals,” it reads.

If that does bear out though, it could be a simple preparation for much larger attacks around the world down the line. So, yeah… things don’t look good. Right now, the only solution is kind of a pain in the ass. You need to reset the router and then reinstall its firmware. But, really you should suck it up and do what you can.

“What’s important is that people understand how severe the risk is and go to see if their machines are infected,” Williams says. “If they don’t, an hour from now, next week, at some point in the future, the attacker can press the self-destruct button. And then there’s very little that can be done for them.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.