Router reboots halt VPNFilter but won't ensure security

The FBI issued an alert on May 25, 2018, after discovering a global attack on small-office and home-office routers. Bad actors have used VPNFilter malware, which can detect and exploit data transitioning through infected devices, authorities stated. Forensic researchers noted the malware can block network traffic, and its use of encryption and spoofed networks as camouflage makes it difficult to find. The bureau estimates hundreds of thousands of networked devices may have already been compromised.

"The size and scope of the infrastructure impacted by VPNFilter malware is significant," FBI agents stated. "The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown."

Reboot now

The FBI asked small-business owners and civilians to disrupt the malware and help identify infected devices by rebooting their routers. They also recommend disabling remote management settings on connected devices and using advanced encryption methods, up-to-date firmware and strong passwords when remote access is enabled.

Josephine Wolff, assistant professor of public policy and computing security at Rochester Institute of Technology and faculty associate at the Harvard Berkman Center for Internet and Society, called the FBI warning "the smallest security ask it is possible to make of the public." This is literally a requirement to unplug your router for a few seconds and then plug it back in to remove malware, she noted. "No one's asking you to change any passwords, download any patches, or toggle any security settings," she wrote in a May 29, 2018, post on Slate, titled, "Did You Restart Your Router Like the FBI Asked? Or did you find an excuse not to because you aren't comfortable messing with it?"

Merchant, consumer safety

In a SecurityMetrics webinar titled Forensic lessons learned from 2017 Data Breaches, David Ellis, senior vice president, investigations at SecurityMetrics, cited the following as leading security failures:

• Inadequate firewall configurations: 52 percent of investigations had improperly configured firewalls; some had no firewalls at all, Ellis said.

• Weak passwords: Passwords were simple to crack with brute-force hacking tools; some were left at factory default settings.

• Ineffective antivirus systems: Some organizations were using expired programs; others had no antivirus installed or failed to install the antivirus software at all endpoints, Ellis said. In nearly 3 percent of other cases, inadequate software contributed to the data breach.
• Secure access: Secure access can be compromised with a weak authentication password or lack of multi-factor authentication. "There should not be any areas with sensitive or protected information to which someone could log in without multi-factor authentication," Ellis stated.

Ellis said the FBI's advice to reboot a router may mislead small and midsize merchants into thinking a simple reboot will insulate their businesses from Wi-Fi intrusions and malware. Multilayered security methods and managed service providers can help protect business owners through advanced threat monitoring and detection, log analysis and real-time alerts, he noted, adding that SecurityMetrics' engineers routinely review and analyze logs and alert customers to potentially threatening trends, changes in network traffic or downloaded ransomware or malware.

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.