The FBI issued a VPNFilter cyberattack warning today, urging consumers to reboot their small office and home office routers in a bid to mitigate a potential worldwide attack.
The warning comes two days after Cisco Systems said the IoT botnet has infected more than 500,000 devices worldwide. The malware has spread across consumer routers and network attached storage hardware from Linksys, MikroTik, Netgear, TP-Link and QNAP, according to research from Cisco’s Talos business.
The FBI has spent recent days racing to gain control of the botnet from the hackers behind it. Several reports suggested that Russia planned to launch a massive cyberattack, but Kremlin officials denied the charge.
Today's FBI Warning, Advice
Fast forward to the present day, and the FBI warning says the VPNFilter botnet "is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic." The malware can also render the infected routers inoperable, the FBI indicated.
To mitigate the threat, the FBI is urging owners of small office and home office routers to:
"reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."
Multiple vendors have weighed in with guidance and perspectives on the VPNFilter malware and associated botnet.
Michael Rose, senior threat researcher, Cyxtera, points to two key themes associated with the threat.
- Cyber-warfare instituted by nation states and executed against other nation state entities is ever-present, growing in scale and sophistication, and is of significance to all, regardless of nationality or political beliefs. Consumers of the SOHO networking and NAS devices impacted by this modified, highly engineered VPNFilter malware are not, most likely, the ultimate intended victims of this malicious activity. However, they (and we) do inadvertently get caught up in the crossfire of these actions, with the effect on the hapless users being significant and often devastating.
- The principles of Defense in Depth can be applied to defending against both the attack itself and mitigation of the effects from a successful attack. This can be done through prompt patching of devices, implementing and regularly testing a 3-2-1 backup strategy of all business significant data, and using high availability and redundancy to remove single points of failure. Additionally, implementing non-traditional security technologies, such as Software-Defined Perimeters, can be used to address these modern threats against rapidly changing enterprise infrastructures.
Eric Trexler, VP, global governments, Forcepoint, added:
“No longer can we afford to keep our critical infrastructure connected to and therefore directly accessible to the Internet. VPNFilter proves that time-tested military techniques such as network segregation not only make sense, but are required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks.”
Stay tuned to MSSP Alert for ongoing updates about VPNFilter.