
FBI: Turn off, on routers to protect against Russian-linked malware

Tuesday, May 29, 2018, 7:54 p.m.

SAN FRANCISCO — Your mission, should you choose to accept it: Turn your router off, then turn it back on. That's one of the things the FBI is asking people to do to help thwart a cyberattack it says agents of a foreign government are launching against U.S. citizens.

Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.

The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn off and back on) their devices to stop the malware.

The scope of the attack is "significant," the FBI said. Once the malicious software is on a user's equipment, it could stop the router from working, collect information from the systems that run through it and possibly block network traffic, according to the agency.

The Justice Department has linked the malware to a cyber espionage group that's been called Sofacy, APT 28 or Fancy Bear by researchers in the cybersecurity industry. It is believed to be linked to the Russian government.

In its announcement, the FBI only named "foreign cyber actors."

Talos, in its blog post Wednesday, said that the computer code used in the malware shows significant overlap with malware that was responsible for multiple large-scale attacks targeting devices in Ukraine.

VPNFilter has also been targeting devices in Ukraine, which Talos notes "isn't definitive by any means."

Russia or Russian-backed hackers are known to have launched cyberattacks on Ukraine amid the Russian-backed rebellion underway in that country's eastern provinces, and Russia is known to have extensive cyber capabilities.

What the FBI doesn't yet know is how VPNFilter is getting on people's systems.

There are several actions those with home routers can take to stop it. Turning the router off and on temporarily disrupts the malware and erases parts of it, though the router can be reinfected.

The best protection is to make sure the router's software has been updated and a strong password has been set. Many routers come with default passwords such as "password" or "1234," which the owners never reset, making them vulnerable to hacking.

For the more technically inclined, Talos suggested owners might disable remote management settings on their routers.

Router manufacturers Linksys, MikroTik, Netgear, QNAP and TP-Link have posted instructions for users to follow to update their routers' software.
