On May 23rd various tech companies started reporting on a router-based virus called VPNFilter, which had infected as many as half a million devices worldwide. The devices effected are primarily home and small business routers, including TP-Link, Netgear, Linksys, and Ubiquiti routers.
As of the first week of June various security concerns had expanded their definitions of VPNFilter and explored the damage that it can cause, which is much greater than initially understood.
How Does This Happen?
Routers are infected with the malware as a result of relying on default credentials (usernames and passwords) so infection can be totally avoided by ensuring that your devices are set up with unique usernames and passwords, something that is nearly universally recommended as a basic security measure for tech-users at all levels.
What Does It Do?
VPNFilter is capable of tracking your web traffic, performing Javascript injection man-in-the-middle attacks which can collect secure or private information, and of destroying your device if the person in control of your unit decides to execute a particular command. The malware is a significant threat to privacy, security, and the functionality of your network. Because the malware relies on known vulnerabilities in the impacted devices there are some relatively simple fixes available.
How You Can Prevent Or Repair Infection
- First – You should ensure that you never use a device with a default username and password. Whether you’re discussing a business server, a home router, or a Smart Baby Monitor it is a vital part of security protocol to ensure that your login credentials are unique and hard to guess.
- Second – Keep your software up-to-date by applying patches, upgrading firmware, and maintaining support services. Ensuring a regular maintenance schedule for your connected devices will help to protect you against threats based on known vulnerabilities – as soon as a bug is revealed most companies hurry to create patches for it, but they only work if you keep your system up-to-date and install those patches. (For assistance with a maintenance plan explore PMCS’s Service Plan options on our Business Services page).
- Third – Call your trusted technicians when you suspect there might be a problem. If you call PMCS as soon as you think something might be wrong we can go to work minimizing the impact of an infection or attack right away. Having an IT provider on speed-dial can save your business thousands of dollars per indecent – we do what we do best to get you back to what you do best with minimal time lost to server outages or long recovery processes.
If you are concerned that your router may be impacted by VPNFilter please call PMCS at (818)957-5647 for an assessment of your system and to see whether or not you need to update your firmware or activate services through the manufacturer. Fully infected routers will require the complete reinstallation of firmware to protect from VPNFilter; reinstallation should be undertaken carefully to prevent destruction of your device, so please call us if you believe you might be fully infected.