Malware has infected half-a million routers in homes and businesses around the world, and that malware is vicious enough to destroy the devices with a single command.
According to an announcement from Cisco on Wednesday, the malware can collect communications and launch attacks on others.
The scale and type of attack are concerning, Cisco said. It is not known how many in the U.S. have been attacked. The announcements says the Ukraine has been the hardest hit region so far.
"Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues."
The malware can steal website credentials and perform destructive cyber attacks, the announcement states.
"The malware can also be leveraged to collect data that flows through the device. This could be for straightforward data-collection purposes, or to assess the potential value of the network that the device serves," the announcement says. "If the network was deemed as having information of potential interest to the threat actor, they may choose to continue collecting content that passes through the device or to propagate into the connected network for data collection."
How to protect your router
Cisco recommends:
Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
- Internet service providers that provide SOHO routers to their users reboot the routers on their customers' behalf.
- If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
- ISPs work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.
