What Is VPNFilter and Why Do I Have to Reset My Router?
Earlier this week, the FBI urged thousands of small business and home office internet users to reboot their routers to prevent the impact of VPNFilter, the latest malware threat to businesses and consumers. Hours after the story broke, I was invited to WTNH News 8's studios to do a Facebook live Q&A.
Here are some of the highlights to help you navigate this situation.
Q: What is malware?
A: In general, malware is software that has been specifically created for a malicious purpose such as collecting banking logins or other personal information, or monitoring how people use their network and places they go online. It can also be used to sabotage hardware and destroy it. You can take a deeper dive into what malware is, how it spreads, and how it has become an epidemic in this post.
Q: What is VPNFilter?
A: VPNFilter is a particular type of malware which infects routers and NAS (network-attached storage) devices. It came into the public consciousness recently thanks to the efforts of Cisco’s Talos Intelligence, the FBI, and the Department of Justice. VPNFilter has reportedly already infected over 500,000 routers across 54 countries and has ties to Russian hackers.
Q: How is VPNFilter different from other viruses or hacks?
A: Unlike a lot of malware that requires installing an app or clicking on a phony link, VPNFilter requires no action by the user who owns the device—if it’s turned on and attached to the network, it can potentially be infected. However, VPNFilter only affects certain types of routers and NAS devices at this time.
Q: Can VPNFilter spread from my router to my computer or phone?
A: No, it can't spread from device to device at this time. The program is searching the internet for devices that are vulnerable and infecting them.
Q: What does rebooting do to protect my router?
A: There are three stages to VPNFilter and the damage is really done in the second and third stages. Rebooting the router prevents the malware from advancing to the second and third stages. All that’s required is turning the power off or pulling the plug on your router, waiting about 60 seconds, and then turning it back on or plugging it back in.
Q: How do I know if my router is infected?
A: If you find that you’re mysteriously having a lot of difficulty getting on the internet, there’s a chance your router has reached stage 2 or 3 of the infection and that it has been damaged. However, there isn’t a way that’s known currently for the average user to know if they have been infected with stage one of the malware.
Q: I rebooted my router. What else can I do to protect myself?
A: If you’re a tech-savvy user, make sure that you’re not still using the factory default ID and password that the device came with and limit/disable remote access to your router. Also, make sure that your router is patched and up to date. If you’re comfortable doing so, you can also factory reset your router but make sure you’re prepared to bring your network back online afterwards. Make sure that you’re also following password best practices for all your logins and not reusing passwords anywhere.
Q: I don't believe you and I refuse to reboot my router.
A: Fair enough, but if your router does have VPNFilter and it's left unchecked, any information that’s flowing from your PC to the internet could potentially be captured by hackers. Once active on a device, VPNFilter can also potentially be updated by the hackers who created it to have other negative effects down the line. Plus, you can reboot your router in much less time than it took to read this Q&A.
Q: My business has valuable customer data and I can't have anyone hacking my router. What measures should I have in place?
A: Cisco Advanced Malware Protection (AMP) and Cisco Umbrella would help protect against this particular attack. There's no single cybersecurity measure that can prevent all attacks. That's why we recommend bolstering your defenses with a Cybersecurity-as-a-Service partner who can stay on top of the latest trends and deploy numerous, appropriate tools to protect your data. In fact, as far as we know, our Defend Forward Cybsersecurity-as-a-Service offering is the single most comprehensive solution available anywhere.