FBI Urges Everyone to Reboot Routers Now to Prevent Malware Attack
For those that have Internet access in their home, their router is now an likely target for a group of hackers and a malware that can render these devices inoperable. The FBI has come out with an urgent message to router owners — defeat the malware by rebooting the device.
For most models, it's just a simple matter of switching the router off, then back on. Simpler models may also need the owner to just unplug the device, wait for a few moments, then plug the router back in again.
It's a simple step that could defeat the new VPNFilter malware that's been spreading online, at least in its current form. For now, rebooting routers are a quick and effective countermeasure to ensure that any hijacked devices are purged of the malware, but the FBI expects the threat to continue.
Get Our Latest News for FREE
The U.S. Department of Justice has linked the VPNFilter malware to the group known as the Sofacy Group, also known as Fancy Bear or A.P.T. 28. This crew of hackers is said to be linked to the Russian military intelligence agency, according to CBS News.
As for the malware itself, the FBI has estimated that the hackers have already spread it to thousands of home and office routers worldwide. Once a router is infected, a way is open for the hackers to access devices connected to it and collect sensitive information or otherwise exploit the router.
A compromised router also gives hackers control over the traffic that passes through it. "It's a tremendous weapon in the hands of an adversary," FBI's Howard Marshall, the deputy assistant director of the cyber division, pointed out.
VPNFilter can also stop network traffic through the router, in addition to collecting it. Fortunately, the malware can be "temporarily" disrupted by rebooting it. Once the router has been rebooted, owners are also advised to disable remote management features, or at least secure them with stronger passwords, according to the FBI's recommendations.
Upgrading the firmware of a router is also a recommended preventive measure, as well as springing for a newer, more secure model entirely. According to a report by antivirus and security company Symantec, the malware targets routers still set with default passwords or are running older software.
Known router models that are susceptible include older Linksys, Netgear, QNAP, TP-Link and MikroTik devices, as ZDNet listed out the known infected devices so far. VPNFilter is mostly targeting consumer Internet routers at this point.
"Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat," Symantec researchers wrote in their summary.
