That nasty Russian malware is infecting even more devices than we originally realized
The list of affected devices continues to grow.
VPNFilter, the Russian malware on routers discovered just a few weeks ago, has affected more servers than initially thought. The reason? Cisco Talos has found that the nasty bug can bypass the SSL encryption you often see on the web, according to Engadget.
Previously, researchers from Cisco had thought VPNFilter had infected 500,000 routers worldwide. That number is likely to rise because the malware can bypass SSL encryption.
As Engadget explains:
The threat of VPNFilter continues to loom large because the attackers could set up a new domain to infect more devices, and because many companies are slow to update their firmware. Hopefully, affected customers will act quickly enough to stop VPNFilter in its tracks before it does any real damage.
Based on this new information, Cisco Talos has updated the list of affected devices. These include enterprise and small office/home office routers from Asus, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE, as well as QNAP network-attached storage (NAS) devices.
Symantec notes that VPNFilter seems to be targeting routers in Ukraine, although there’s still a chance routers in other areas could become affected. If you have a router on the list, you’re advised to reboot the device immediately and then see if there’s a firmware patch available. In some cases, your best bet is to restore your machine to its factory settings.
The U.S. Federal Bureau of Investigation (FBI) is also involved. A federal judge in Pennsylvania gave the organization permission to seize an internet domain that authorities believe was being controlled by a Russian hacker group called Sofacy to take over the infected devices. The order allows the FBI to direct the devices to communicate with an FBI-controlled server. In doing so, the server will allow authorities to remove malware from the infected equipment.
Has your organization been hurt by any Russian malware? Let us know below.