Half a million routers infected by destructive malware
USERS COULD BE CUT OFF FROM INTERNET.
A virulent new strain of malware has infected more than 500,000 consumer and small-business networking devices. Discovered by researchers at Cisco and dubbed ‘VPNFilter’, the infection targets numerous routers and network-attached storage (NAS) devices from major manufacturers like Netgear, QNAP, TP-Link and Cisco itself. The malware is able to spy on network traffic and potentially steal website usernames and passwords, and can also be used to ‘brick’ infected devices, rendering them inoperable.
Although the exact creator of the malware is as yet unknown — and if other recent attacks are an indication, it will likely remain so — Cisco has stated that the “sophisticated modular malware system” appears to be the work of a state-sponsored or state-affiliated actor.
The malware’s creators appear to be focused on infecting devices located within Ukraine, although the virus has been discovered hiding on equipment located in 54 countries across the globe. The malware is designed so that additional capabilities can be added after the initial device infection, and it could initially persist after a device had been rebooted. The FBI has, however, reportedly managed to seize a server being used by the botnet, which has subsequently disabled VPNFilter’s ability to reactivate itself after a reboot. You can read more about VPNFilter and how to protect yourself on page 100.