Have you heard about the latest VPNFilter Malware attack?
In brief, Talos, the network-analysis division of a software networking firm, identified malware known as VPNFilter a few weeks ago. Several things about these attacks make them particularly dangerous. If you are an individual or a small or medium-sized business connecting to the internet through a router from a vendor such as Linksys, Netgear, QNAP, TP-Link, ASUS, D-Link, Huawei, Ubiquiti, UPVEL or ZTE, then you are potentially vulnerable to the VPNFilter malware attack.
Read on to understand where you stand and what you can do to avoid falling victim to this vicious malware attack.
The first thing you need to understand is that VPNFilter has a three-stage attack procedure.
The first stage, which is also the most potent and dangerous one, plants itself in the router firmware. In most malware cases a reboot would clear the infection; that is where VPNFilter stands out. It persists through the reboot, and after the reboot it initiates the second stage.
The second stage is about spying on the user's activity and data: storing and accessing user data, tracking the URLs visited and learning more about the victim. The most terrifying factor is that the user never realizes they have been attacked, because VPNFilter uses a "Man in the Middle" (MitM) technique. In this form of cyber attack the spyware attaches itself to the router, collects user data and prepares for a larger assault while the user is completely unaware of it. The image below explains the process.
Source: Yeahhub.com
If this seems scary to you, you haven't heard the interesting bit yet. The third stage introduces different plugins that can perform different types of actions. One of them can downgrade your requests from HTTPS to HTTP. This leaves your data unencrypted and exposes your passwords and other valuable data to anyone snooping on your network.
The rest of the hacking process then becomes much easier. Imagine what could happen if you logged in to a social media platform or your netbanking application and the data were captured in transit. The worst part is that you won't even know your account has been hacked until the attackers expose themselves by making malicious transactions.
The horror story doesn't end here: it also comes with a "Remote Destroy" button. This lets the attackers delete important network and configuration files from your router before destroying the malware, which means your router will be rendered useless once they choose to do so. It gives them the power to disrupt internet connectivity on a global scale, since the number of routers currently affected is estimated at around 500,000.
How can you save your router from this onslaught? Rebooting doesn't work. The only remedy some groups have suggested is a three-step process: restore your router to factory defaults, upgrade its firmware, and log in with your credentials. This might be the only way to get clear of this attack. How do you know your router is beyond saving? Try updating it to the latest firmware version; if it reports that it is unable to upgrade, you can be quite sure it's time to buy a new one.
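As an added example (not from the original post, and not Talos code), here is a small Python detector in the spirit of the paragraphs above: it scans a constructed egress-proxy log for plaintext HTTP requests to hosts that are assumed to be HTTPS-only, which is what a stage-3 HTTPS-to-HTTP downgrade looks like from inside the LAN. The log format and the HTTPS_ONLY_HOSTS set are assumptions.

```python
"""Flag plaintext HTTP requests to hosts that should only be reached over HTTPS.

VPNFilter's stage-3 downgrade plugin rewrites HTTPS to HTTP so that logins travel
in the clear. Seen from inside the LAN, that shows up as browsers sending http://
requests to sites that normally enforce HTTPS; this scans an egress log for it.
"""
from urllib.parse import urlsplit

# Assumed, constructed set of hosts known to be HTTPS-only (e.g. HSTS-preloaded).
HTTPS_ONLY_HOSTS = {"bank.example.com", "social.example.net", "mail.example.org"}

# Constructed sample log lines: "<timestamp> <client-ip> <method> <url> <status>".
SAMPLE_LOG = """\
2018-05-24T10:01:02Z 192.168.1.20 GET https://bank.example.com/login 200
2018-05-24T10:01:09Z 192.168.1.20 POST http://bank.example.com/login 302
2018-05-24T10:02:15Z 192.168.1.31 GET http://news.example.com/ 200
2018-05-24T10:03:40Z 192.168.1.31 GET http://social.example.net/feed 200
2018-05-24T10:04:01Z 192.168.1.20 GET https://mail.example.org/inbox 200
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return (client_ip, method, url) for a well-formed line, or None otherwise."""
    parts = line.split()
    if len(parts) != 5:
        return None
    return parts[1], parts[2], parts[3]

def find_downgraded_requests(log_text, https_only_hosts=HTTPS_ONLY_HOSTS):
    """Return [(client_ip, host, url)] for each plaintext request to an HTTPS-only host.

    One hit may be a stale bookmark; several from one client, especially a POST to a
    login path, are consistent with an upstream HTTPS-to-HTTP downgrade.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client_ip, _method, url = rec
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "http" and host in https_only_hosts:
            hits.append((client_ip, host, url))
    return hits

if __name__ == "__main__":
    for client_ip, host, url in find_downgraded_requests(SAMPLE_LOG):
        print(f"plaintext request to HTTPS-only host {host} from {client_ip}: {url}")
```

Run against the constructed log it reports the two plaintext requests to bank.example.com and social.example.net; the https:// requests and the unrelated news site are left alone.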