As a service provider, part of our job is to stay on top of the latest threats affecting our clients. That is prompting me to write an additional article this month and get this news in front of our clients as soon as possible. This is likely the first time you’re hearing of “VPNFilter,” and you probably have no idea what it’s all about. I have no doubt that you’re about to hear about it a whole lot more, so I’m going to give you a very quick overview of the threat, how you’re safe if you’re following our standard practices, and what you can do if you’re not. The VPNFilter threat is a perfect example of what I previously laid out in our article “Anti-Virus isn’t enough,” so I would encourage you to read that if you haven’t yet.
The TL;DR of this article is pretty simple: VPNFilter is a new malware infection that targets perimeter networking equipment such as routers and NAS devices. At this time, the equipment known to be affected by this threat is manufactured by Linksys, MikroTik, NETGEAR, and TP-Link; however, a far larger umbrella of products is expected to be affected. When you look at that list, one bell rings very loudly: small business. Small businesses are more likely to use these entry-level networking devices, install them once, and forget about them. Many of you may not even be aware that a router or other piece of networking equipment can get a virus or malware on it. Well, those devices run firmware and software just like your computer does, and keeping them current is just as important a part of your security procedures.
The good news for you is that if you’re currently following the standard Infihedron networking model, you’re completely safe from this threat. The first note is that this is exactly why we push so hard for a dedicated security device as the first point of contact between your business and the internet. Those threat management devices are designed to watch specifically for threats like this one. They are always up to date with the latest threat lists, whose sole purpose is to spot suspicious activity coming into your network and stop it. In addition, just as we keep your computer up to date, we keep these devices up to date with all of their firmware and software upgrades to make sure that vulnerabilities are closed as soon as they’re known.
I led this off by mentioning how you can prevent VPNFilter in your environment. The easiest way to accomplish this is to get in contact with us and make sure we get you following our recommended threat management procedures. If you aren’t a current client, or want to go at this yourself, the current recommendation is to restore your edge router to its factory default settings and restart it. So basically… fully rebuild your router. Without a very complicated and in-depth dive into the hardware itself, there isn’t an easy way to verify that you’re safe, which is why the reset is recommended rather than an inspection. It’s currently best practice to do the factory reset and ensure that your firmware is up to date, whatever your situation.
Stay safe out there, everyone, and if you want a very long and nerdy description of the threat in detail, please visit the original Cisco Talos article, as Talos made the first public notification of this event.
Addendum – June 6, 2018 – Talos has updated their affected device list to include ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. All Infihedron clients are still safe, and all enterprise-class solutions put in place for our clients are unaffected but secured regardless. Any clients using Ubiquiti, don’t worry, you’re safe too; your sales rep will be contacting you to explain the specifics for your environment and why you’re still safe.
Need more help?
Reach out to the Infihedron Support Staff to make sure that you’re safe from this threat.