Earlier this week, Cisco's security team
disclosed a Russian-developed malware called VPNFilter which compromised at least 500,000 routers built by Linksys, MikroTik, NETGEAR, and TP-Link as well as network-attached storage devices manufactured by QNAP. In addition to the threat protections rolled out by Cisco, the Federal Bureau of Investigation (FBI) has also released a public advisory calling on users of the affected networking devices to reboot the routers in order to destroy the malware. According to Cisco, the malware is designed to steal website credentials passing through the routers and render the infected small office and home office devices useless. The FBI also said it's currently hard to detect the malware's network activity as it uses encryption and misattributable networks. The router models affected by VPNFilter include:
Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
On top of a system reboot, the FBI also advises owners of the affected routers to switch off the remote management settings on their devices, use strong passwords for security, turn on encryption if available, and upgrade the devices to the latest firmware versions.
