Russian Malware and Protecting Your Business - Core Networks

Telcom and Cyber Security Blog


Jun 25, 2018 | Business, Cyber Security, Managed IT

Hello Internet! We’re reopening our blog, and we figured a good place to start would be a discussion of a current event. In this post we’ll be discussing why the FBI has asked people to reboot their routers. The reason? A bit of Russian malware called VPNFilter.


A bit of info on this malware. At full strength, VPNFilter is a type of malware that performs a “man-in-the-middle” attack, allowing hackers to digitally eavesdrop on infected devices. They can see the information flowing through that device, intercept it, and modify it. Since routers provide WiFi Internet, consider how much information flows through them: emails, passwords, account numbers, etc. To add insult to injury, the malware also enables the hackers to “brick” the device, meaning destroy it and render it useful only as an expensive paperweight/brick.

Before you panic, VPNFilter is modular malware. This means it comes in parts and is not downloaded all at once. The first stage of the malware is somewhat simplistic and doesn’t have all the scary features of the fully-assembled version. All Stage 1 of VPNFilter does is prop open a backdoor on your device. This backdoor keeps it vulnerable to the hackers and allows the other stages of the malware to be downloaded later. If your device has Stage 2 or Stage 3 on it, rebooting your router will delete them. The part that IS scary is that rebooting your router – normally enough to wipe out malware completely – will only wipe out the more advanced stages of VPNFilter. Stage 1 will not be affected by a reboot, meaning the advanced stages can just be re-downloaded onto your router.

So what’s the point? Why is the FBI recommending that people reboot their routers if that won’t completely eliminate the malware? Because it’ll help them identify infected devices, and it’ll at least temporarily wipe out the advanced stages, which is better than nothing. What people really need to do is reset their routers back to factory defaults, which would eradicate even Stage 1 of VPNFilter. The FBI isn’t recommending this solution because it would require people to reconfigure their routers, which can be difficult for some people to do. If people don’t properly reconfigure their router, it may leave them just as vulnerable to future attacks.

To use a figure of speech though, just rebooting your router is like closing the barn door after the horses have escaped. What you really need to do is beef up your safety measures to better prevent such things from happening in the first place. Here are some other steps you can take:

  • NEVER use the default username and password on an electronic device.
    • In most cases even a simple password created by you will offer better protection than the default password.
  • Have your devices download manufacturer updates on a regular basis.
  • Get an antivirus program and keep it up to date. Some antiviruses will detect and stop VPNFilter.


If you’re not tech-savvy, we can help! Get our CORE Complete Care plan and we’ll make sure your system – including antivirus – stays up to date for you!
