Sunday, August 26, 2018

FBI And Cyber Experts Officially Warn Internet Users To Protect Their Routers From VPNFilter Malware

Routers infected with VPNFilter Malware
FBI and cyber experts officially warn Internet users to protect their routers from VPNFilter malware.

The Federal Bureau of Investigation (FBI) and cybersecurity experts are warning Internet users to protect their home and office routers from a cyber attack attributed to Russian hackers.


  • Routers in more than 50 countries were infected by VPNFilter malware.

  • Devices from Belkin International’s Linksys, MikroTik, Netgear Inc., TP-Link and QNAP are known to be affected.

In a statement on 25 May 2018, the FBI said that foreign cyber criminals had used a malware program known as “VPNFilter” to infect “hundreds of thousands” of home and office routers and other networked devices worldwide.


The warning comes after a Cisco Talos Intelligence report that the new VPNFilter malware targets at least 500,000 networking devices worldwide.


Talos said: “Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.”


The behaviour of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols.


According to the report:


The Justice Department announced late Wednesday an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 home and office routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28 or Sofacy, believed to be connected to the Russian government.



How does VPNFilter Malware work?


This malware works as a multi-stage platform with various capabilities to support both intelligence collection and destructive cyber attack operations. Talos explains as follows:


The stage 1 malware persists through a reboot, which sets it apart from most other malware that targets Internet-of-Things (IoT) devices, because malware normally does not survive a reboot of the device. The main purpose of stage 1 is to gain a persistent foothold and enable the deployment of the stage 2 malware. Stage 1 utilizes multiple redundant command and control (C2) mechanisms to discover the IP address of the current stage 2 deployment server, making this malware extremely robust and capable of dealing with unpredictable C2 infrastructure changes.


The stage 2 malware, which does not persist through a reboot, has capabilities that we have come to expect in a workhorse intelligence-collection platform, such as file collection, command execution, data exfiltration and device management. However, some versions of stage 2 also possess a self-destruct capability that overwrites a critical portion of the device’s firmware and reboots the device, making it unusable. Based on the actor’s demonstrated knowledge of these devices, and the existing capability in some stage 2 versions, we assess with high confidence that the actor could deploy this self-destruct command to most devices that it controls, regardless of whether the command is built into the stage 2 malware.


In addition, there are multiple stage 3 modules that serve as plugins for the stage 2 malware. These plugins provide stage 2 with additional functionality. As of this writing, we are aware of two plugin modules: a packet sniffer for collecting traffic that passes through the device, including theft of website credentials and monitoring of Modbus SCADA protocols, and a communications module that allows stage 2 to communicate over Tor. We assess with high confidence that several other plugin modules exist, but we have yet to discover them.

Image by talosintelligence.com



How To Defend Against VPNFilter Malware?


Defending against this malware is difficult, because many of the affected devices are exposed directly to the Internet and remain vulnerable. Users must update their routers and use anti-malware software to counter it. Talos recommends the following:


  • Users of SOHO routers and/or NAS devices should reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

  • Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.

  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.

  • ISPs should work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.
