FBI urging people to reboot routers, due to malware threat
PHOENIX (KSAZ) - FBI officials say any owner of small office and home office routers should reboot their devices, as foreign cyber actors have compromised hundreds of thousands of home and office routers around the world.
In a statement released on the FBI's Internet Crime Complaint Center (IC3) on Friday, officials say the actors used malware called VPNFilter to target routers. The malware is able to perform a number of functions, including possible information collection, device exploitation, and blocking network traffic. The malware reportedly targets routers from several manufacturers and network-attached storage (NAS) devices from at least one manufacturer.
Officials say VPNFilter is able to render routers inoperable, and can potentially collect information passing through the router.
According to Cisco Talos, VPNFilter may have targeted at least 500,000 devices in at least 54 countries, with known affected devices by Linksys, MikroTik, Netgear, and TP-Link. Cisco Talos officials, however, noted that the research is still not complete, but that they shared their findings due to recent events, so that those affected can take appropriate action to defend themselves.
In a statement posted on its website, router manufacturer Netgear said it is aware that the malware might target some of its routers, but that, according to its understanding of an investigation conducted by Cisco Talos, the malware targets vulnerabilities for which it has already released firmware fixes.
Meanwhile, TP-Link officials say they are aware the malware targets one of their router models, and are investigating. In the meantime, they say users of their products should keep their devices updated with the latest firmware, and change their router's default admin password.
FBI officials are recommending that router owners reboot their devices to temporarily disrupt the malware and help with the potential identification of infected devices. In addition, router owners are advised to consider disabling remote management settings on devices, and to secure them with strong passwords and encryption when enabled. Also, network devices should be upgraded to the latest available versions of firmware.