We previously reported that the FBI had warned consumers about a nasty piece of malware, known as VPNFilter and believed to have been launched by a Russian government hacking group, that is infecting hundreds of thousands of small business and home routers [view related post here].
Apparently the malware is much worse than anyone thought: Cisco’s Talos security team says the malware is more powerful and is infecting a larger number of routers than originally reported.
The new research shows that the malware is capable of carrying out a man-in-the-middle attack (which we have seen an increase in over the past few weeks) on incoming web traffic, and that it targets not only home and small business routers but the router owners themselves. Cisco reports that the attackers use the infected router to inject malicious payloads into traffic as it passes through the device. It can also steal sensitive data that passes between internal endpoints and the internet.
According to the senior researcher at Cisco “[t]hey can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
A list of devices that are affected can be accessed here.
What is even more concerning is that the malware is particularly sneaky and works in stages. So if you heeded the FBI’s warning to reboot your router, the malware could still be persisting on your device. For those of us who are non-techies, this means that the attackers could have infected your device and put the malware in a listening mode that can then be activated at a later time. Security experts are recommending that if your router is more than a few years old, you should just buy a new one. Another security expert recommends: “Run DD-WRT/OpenWRT/Tomato or similar, never use a stock vendor-created firmware if you can help it. The open-source stuff isn’t perfect but at least it represents pooled resources shared across many hardware platforms and with the broader OS community, rather than one vendor’s overtaxed engineering department that’s under-incentivized to worry about security.”