VPNFilter Malware Spreads to More Devices

Cisco Talos issued another update on the malware known as VPNFilter. The malware affects more devices than initially reported and also has increased capabilities. It is suspected that Russian hackers are behind the cyber attack.

VPNFilter infects home and small office network routers as well as network-attached storage devices like backup hard drives. The spread of VPNFilter prompted the US Federal Bureau of Investigation (FBI) to issue a warning to US residents to reboot or factory reset small routers. A router is a piece of hardware that is attached physically by wires to your internet service within your home, office, or anywhere else with internet access. It receives internet traffic coming into the network and sends internet traffic from within the home or office out to the internet. It “routes” the web traffic, hence its name. A router is a physical device, generally a black or grey box. Home routers are about 10 inches by 10 inches by 2 inches in size. Small office routers are larger. Enterprise routers for businesses are larger still, and there may be more than one of them to provide more capacity and redundancy.

What Devices are Affected?

Initially, VPNFilter infected over 500,000 routers. New devices are now targeted by the malware. The list of vulnerable routers continues to grow and includes devices from manufacturers whose products were not affected initially. These new manufacturers include ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-Link. No Cisco network devices are affected.

In addition to the increased number of devices affected by VPNFilter, the malware also has new capabilities. It originally was only capable of rendering a router useless. VPNFilter can now also inject malicious content into web traffic while it is in transit within the device owner’s intranet. This injection occurs unbeknownst to the device owner. The danger is that it gives the hacker the ability to deliver exploits to endpoints like laptops and any other connected device.

What is Malware?

Malware is unwanted computer or internet programming that is created with the intention of causing harm to the recipient’s laptop, smartphone, any other hardware, or data contained on that hardware. Some types of malware are known as computer viruses. A common goal of malware is to establish access to the victim’s banking credentials and then to transfer money away from those accounts. Malware is commonly delivered via email phishing scams but can also be forcibly injected onto a machine from other hardware.

VPNFilter alters traffic destined for port 80 on the router. More details on the new malware capabilities can be read on Cisco Talos.