CREATIVE PROGRAMS AND SYSTEMS


FBI to all router users: Reboot now to neuter Russia's VPNFilter malware

2018-05-29 15:51:11


The FBI is recommending that all small business and home router owners reboot devices, even if they're not among the brands known to be affected.

The FBI is urging small businesses and households to immediately reboot routers following Cisco's report that 500,000 infected devices could be destroyed with a single command.

The malware, dubbed VPNFilter, was developed by the Russian state-sponsored hacking group Sofacy, also known as Fancy Bear and APT28, according to the FBI, which last week obtained a warrant to seize a domain used to control the infected routers.

Cisco's Talos Intelligence researchers revealed in a report last week that 500,000 routers made by Linksys, MikroTik, Netgear, and TP-Link had been infected with VPNFilter.

The malware is capable of collecting traffic sent through infected routers, such as website credentials.

However, the most worrying capability is that the malware allows its controllers to wipe a portion of an infected device's firmware, rendering it useless. The attackers can selectively destroy a single device or wipe all infected devices at once.

Cisco released the report on Wednesday after observing a spike this month in infections in Ukraine, which accused Russia of planning an attack to coincide with Saturday's Champions Cup final in Kiev.

The country also blamed Russia for last June's NotPetya attacks that mostly affected Ukrainian organizations but also spread within multinational corporations with offices in Ukraine.

Users with infected routers can remove the dangerous Stage 2 and Stage 3 components of VPNFilter by rebooting the device. However, Stage 1 of VPNFilter will persist after a reboot, potentially allowing the attackers to reinfect the compromised routers.

The web address the FBI seized on Wednesday, ToKnowAll[.]com, could have been used to reinstall Stage 2 and Stage 3 malware, but all traffic to this address is now being directed to a server under the FBI's control.

The FBI nonetheless is urging all small office and home router owners to reboot devices even if they were not made by one of the affected vendors. This will help neuter the threat and help the FBI identify infected devices.

"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices," the FBI said in a public-service announcement.

"Owners are advised to consider disabling remote-management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."

Cisco and the Justice Department have also urged all home and small office users to reboot routers.

The Justice Department said the FBI-controlled server with which infected devices are now communicating will collect the IP addresses of each device.

The addresses are being shared with the non-profit cyber security group, The Shadowserver Foundation, which will disseminate the addresses to foreign CERTs and ISPs. The FBI and US DHS CERT have also notified some ISPs.

It's not known how the attackers initially infected the routers, but Symantec noted in its report on VPNFilter that many of them have known vulnerabilities.

"Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat," wrote Symantec researchers.

Known infected devices include:


Original Source: https://www.zdnet.com/article/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware/

 
