Router Attack Worse Than Thought: Everyone Reboot Now, FBI Says

The FBI says everyone should reboot their routers after the discovery of malware that can control everything going in and out of a device.

The FBI says we all need to reboot our internet routers following reports that more than 700,000 of them used in homes and businesses in more than 50 countries have been infected with a type of malware that can collect sensitive information like login credentials, carry out destructive, large-scale cyberattacks and block network traffic.

And it’s a lot worse than anyone thought two weeks ago when the FBI released its first warning about malware-infected routers.

The malware, which the Justice Department said has been traced back to the Russian government, with Ukraine the likely target, was originally thought to affect about 14 models and brands of routers. But it potentially includes any home router or attached storage devices, as well as those provided by internet and cable television companies.

Cisco security researchers discovered the VPNFilter malware in routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE.

The malware can set up a man-in-the-middle attack on traffic that comes through the router, which makes everyone on the network susceptible to attack and data theft. This is how Ars Technica explains it:

“Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced ‘essler,’ the module can also be used to surreptitiously modify content delivered by websites.”

The discovery of the ssler module suggests that router owners are a key target of VPNFilter, cybersecurity experts believe.

“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device.

“They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”

To be safe, the FBI recommended that users of all SOHO (small office/home office) routers and NAS (network attached storage) devices reboot them. To do that, follow these steps from Digital Trends:

1. Physically unplug the router and modem from everything they are attached to, including each other and the power source. Don’t fiddle with onboard options called “reset” or “restart,” because that could trigger a factory reboot that will erase your current settings. After the devices have had a chance to cool off and you’ve established the Wi-Fi network isn’t working, plug everything back in. At least a minute should have elapsed before you do that, and you should have a restored internet connection in another minute.

2. Next, update your firmware. The process will take about five minutes and you won’t be able to use your Wi-Fi. You’ll need your router login for this step. Firmware, the integral software that makes the router function, doesn’t update as often as computer operating system software, but it typically does when major security problems emerge. Find the app or administrator site for your router and download the firmware, which includes patches for any vulnerability that may be present. Digital Trends has a guide for common router brand logins. Go here for a Linksys setup, here for TP-Link and here for Netgear. We also have a more in-depth guide for common router brand logins.

3. Update related apps on mobile devices used to manage router settings or view router usage reports. Visit your app settings and make sure the app is updated to the most current version.

4. Change your router password. If you’re still using a default password, your router is more vulnerable to hackers. The administrator tools you used to download the firmware offer guidance on user and login information changes. And remember, the stronger the password and the more unique it is to you, the harder it is to hack. Because you won't often use this password, be sure to write it down somewhere and store it in a secure place.

