Thursday, May 24, 2018

Hackers Infecting Network Routers

It is being reported that hackers have infected 500k routers with malware (VPNFilter) worldwide. The attacks are designed to collect login credentials, gain supervisory control and disable the device entirely. Antivirus provider Symantec issued its own advisory Wednesday that identified the targeted devices as:

Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN

In an effort to minimize the effects of the attack, it is advised that users perform a factory reset of their routers. This is typically performed by pressing the reset button for 10 seconds. This will remove any special configuration on the router as well, however. Users should also change the router's password, update the firmware and disable remote administration. 

I hope this information has been helpful. As always, feel free to contact me if you need assistance.