Today, researchers at Cisco Talos published a report documenting a giant-sized IoT botnet known as VPNFilter.
The report observed that more than 500,000 devices around the world are said to be infected with this malware. Most of them are consumer internet routers from a range of different vendors, with some consumer NAS (network attached storage) devices known to have been hit as well.
The type of devices targeted by this actor, the Cisco report says, is difficult to defend. “They are frequently on the perimeter of the network, with no intrusion protection system (IPS) in place, and typically do not have an available host-based protection system such as an anti-virus (AV) package.
“We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward. All of this has contributed to the quiet growth of this threat since at least 2016,” the Cisco report stated.
As a member of the Cyber Threat Alliance (CTA), Sophos has featured a warning about the malware in a Naked Security blog post: “VPNFilter – is a malware timebomb lurking on your router?”
Commenting on the report, Paul Ducklin, senior technologist at Sophos, recommends conducting a router health check, even if you believe the router is already up to date and do not think your devices are infected.
“It’s time for a router healthcheck,” said Ducklin. “Home devices like routers are popular targets for cybercrooks these days, yet they’re often neglected from a cybersecurity point of view. Start with the basics. Check for a firmware update with your router vendor – do it today! And pick proper passwords – the crooks know every default password that ever left the factory, so why make it easy for them?”