The F.B.I. Public Service Announcementon May 25thasking citizens to reset their home and small office routers due to a cybersecurity threat called VPNFilter created by a group called Fancy Bear. Unfortunately, resetting your router or NAS device won’t be enough to eliminate the VPNFilter cyber threat. Yes, storage devices were impacted as well. You’ll need to follow the steps laid out below.
Check out the list of devices effected by VPNFilter, as per Symantec. If you have one of these routers, you’ll want to reset your router immediately.
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
Once you’ve identified the router you have and have reset it, you’ll want to update your firmware to the latest version. Going the extra mile to confirm that the update contained a fix for the VPNFilter is essential, as is, making sure the firmware was successfully updated. VPN is a Virtual Private Network or an encrypted tunnel that runs over the public internet to allow for secure communication between two devices.
Since the malware is persistent you’ll want to monitor your system to ensure phases 2 and 3 aren’t completed. To do that you’ll want to change passwords and monitor outgoing activities from any critical systems. That means your social media, VoIP system, banking or email. Essentially, anything that can be accessed via a web browser.
Buy a new router because sometimes if you buy cheap you buy twice. Here is a good example. Out of the millions of routers out there its estimated that 500k to one million routers have been affected. From an IT professional’s perspective, none of those are awesome routers and there are many other more secure options. The CloudOgre network hardware pageis a good resource to learn more.
If you’re running a growing business that relies on VPN capabilities for site to site connectivity, you may want to consider moving to layer 2 connectivity. Layer 2 connectivity like point to point connections, Ethernet private lines, mesh networks, etc. are typically less expensive from carriers because they don’t have to pay switching costs. Basically, site to site connectivity is cheaper for carriers to deploy so it’s less expensive as a monthly cost, more secure since it’s happening at the data link layer, and much easier to manage. Looking for additional detail on best practices for your wide area network?
Our question to ponder here is, as threats continue to develop on the internet so does reliance on its ubiquitous nature so how does this impact the end-user’s expectation? Furthermore, how does this impact the perception of SD-WAN and similar technologies that shape and secure traffic over the public internet? If you’re interested in keeping the conversation going just follow us on Facebook,LinkedIn, and Twitter.