FBI suggests rebooting your wireless internet router as soon as possible
6:26 AM, May 30, 2018
5:05 AM, May 31, 2018
If you have a home internet router, chances are you probably want to reboot it. The FBI is urging small businesses and every household in the country to reboot wireless internet routers, the bureau said in a public service announcement.
Foreign cyber actors compromised hundreds of thousands of home and office routers and used VPNFilter Malware as the method of attack, according to the FBI.
"VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router," the public service announcement said. "Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks."
VPNFilter Malware is a new threat and it targets a cluster of routers and makes them unusable, the cybersecurity company Symantec said. It could maintain a threat on the device even after a reboot, the company added.
Symantec also advises a reboot and if the problem persists to reset the device, which will wipe the device clean. Additionally, they recommend backing up any configuration details or credentials stored on the router because they'll be wiped clean by the reset.
The VPNFilter malware can effect routers that are made by Linksys, Mikrotik, and Netgear, Symantec said.
QNAP, another one of the router companies affected, put out a security advisory telling customers to install their updated malware remover and to change the password if consumers are using a default password.
According to an analysis by Cisco's Talos Intelligence, they estimate the number of devices infected because of this specific type of malware to be 500,000 and to be operating in at least 54 counties.
Just last week, the FBI and the Department of Justice announced that thousands of infected home and office routers are under the control of the Sofacy Group, a group that is said to be linked to the Russian military per numerous cybersecurity firms.
“The FBI will not allow malicious cyber actors, regardless of whether they are state-sponsored, to operate freely,” said FBI Special Agent in Charge Bob Johnson in a statement. “These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk."
The group has been operating since 2007 under the names "Fancy Bear," "apt28" and "sednit," among others, according to the Department of Justice. They target government military and security organizations as well as "other targets of perceived value."
“The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal, and today’s effort is another example of our commitment to do that,” said Assistant Attorney General for National Security John Demers in a statement. “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities."