As you may be aware, the FBI issued a warning last week about a malware botnet called VPNFilter. This malware originated in Russia and attacks “consumer-grade” routers typically purchased from retailers such as Best Buy and/or installed in homes by Internet Service Providers such as Spectrum, Time Warner, and Charter.
What did it infect?
The malware did not infect commercial grade routers typically in your business, such as those from Cisco, Fortinet, SonicWALL, or others. You can receive guidance from your Internet Service Provider if you or any of your staff are using any of the above-listed routers.
At a minimum, the router should be rebooted. You should also change the router password to one with a fair amount of complexity. (ISP technicians have a reputation for often not changing the simple “factory default” password when they install a router.) A router firmware may need updating.
The affected routers identified so far are:
- Linksys (Models E1200, E2500 & WRVS4400N)
- Mikrotik Cloud Core Routers (versions 1016, 1036 & 1072)
- Netgear (Models DGN2200, R6400, R7000, R8000, WNR1000 & WNR2000)
- QNAP (Models TS251 & TS439 Pro)
- QNAP NAS devices running QTS software
- TP-Link R600VPN
While we are unable to manage the consumer-grade routers targeted in this attack, We can offer you a powerful network security appliance (router/firewall/wireless access point) that can provide commercial-grade protection at your home or office.
If you have teleworkers or executives who access your network by working from home, you should be concerned about business risks created by consumer-grade routers. A relatively inexpensive corporate or business-grade firewall is likely an appropriate solution. Please let us know if you would like more information.