The Federal Bureau of Investigation (FBI) reported last week that a new malware known as VPNFilter has infected over half a million routers. This malware mostly targets routers used in homes and small offices and is able to monitor traffic, cut off access to the internet, or even wipe routers. The malware is linked to the Russian "Sofacy Group" and "Fancy Bear" (the same group that was responsible for the Democratic National Committee cyber-attacks). To date, the FBI has seized the domain (toknowall.com) used to send commands to the infected routers.
While our clients' business routers and firewalls are not susceptible to this new threat, many people's home internet routers/firewalls may be vulnerable. We have been monitoring this latest threat and wanted to notify our clients that home users should reboot their internet router/firewall immediately.
According to the FBI, routers from Linksys, Netgear, TP-Link, and MikroTik are vulnerable, and rebooting these routers is recommended. If you are unsure of the make or model of your router, we recommend unplugging the power for one minute and plugging it back in to reboot the device.
Below is a list of routers identified as vulnerable to VPNFilter according to Cisco:
MikroTik (Versions 1016, 1036, and 1072)
QNAP TS439 Pro
QNAP NAS running QTS software
Again, to help reduce exposure to this widespread malware, the FBI and security firms are urging users to turn off any remote administration features, reboot routers and network-attached storage (NAS) devices, and ensure routers are running the latest firmware.