Wednesday, May 30, 2018
The FBI issued an alert on May 25, 2018, after discovering a global attack on small-office and home-office routers. Bad actors have used VPNFilter malware, which can detect and exploit data passing through infected devices, authorities stated. Forensic researchers noted the malware can block network traffic, and its use of encryption and spoofed networks as camouflage makes it difficult to find. The bureau estimates hundreds of thousands of networked devices may have already been compromised.
"The size and scope of the infrastructure impacted by VPNFilter malware is significant," FBI agents stated. "The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown."
The FBI asked small-business owners and civilians to disrupt the malware and help identify infected devices by rebooting their routers. They also recommend disabling remote management settings on connected devices and using advanced encryption methods, up-to-date firmware and strong passwords when remote access is enabled.
Josephine Wolff, assistant professor of public policy and computing security at Rochester Institute of Technology and faculty associate at the Harvard Berkman Center for Internet and Society, called the FBI warning "the smallest security ask it is possible to make of the public." This is literally a requirement to unplug your router for a few seconds and then plug it back in to remove malware, she noted. "No one's asking you to change any passwords, download any patches, or toggle any security settings," she wrote in a May 29, 2018, post on Slate, titled, "Did You Restart Your Router Like the FBI Asked? Or did you find an excuse not to because you aren't comfortable messing with it?"
In a SecurityMetrics webinar titled "Forensic lessons learned from 2017 Data Breaches," David Ellis, senior vice president, investigations at SecurityMetrics, cited the following as leading security failures:
Ellis said the FBI's advice to reboot a router may mislead small and midsize merchants into thinking a simple reboot will insulate their businesses from Wi-Fi intrusions and malware. Multilayered security methods and managed service providers can help protect business owners through advanced threat monitoring and detection, log analysis and real-time alerts, he noted, adding that SecurityMetrics' engineers routinely review and analyze logs and alert customers to potentially threatening trends, changes in network traffic or downloaded ransomware or malware.