Cincinnati Bengals Message Board / Forums - Home of Jungle Noise
Rebooting your router - Printable Version

+- Cincinnati Bengals Message Board / Forums - Home of Jungle Noise (https://thebengalsboard.com)
+-- Forum: Off Topic Forums (https://thebengalsboard.com/forum-5.html)
+--- Forum: Klotsch (https://thebengalsboard.com/forum-22.html)
+--- Thread: Rebooting your router (/thread-16084.html)



Rebooting your router - Bengalzona - 05-29-2018

The FBI issued a warning on Friday that you should reboot your routers due to a malware program:

https://www.forbes.com/sites/tomcoughlin/2018/05/28/fbi-says-you-should-reboot-your-routers-and-nas-devices/#6a513eeffed2

Quote:FBI Says You Should Reboot Your Routers And NAS Devices



Quote:The FBI and security experts have asked operators of common home and business internet routers and network attached storage (NAS) devices to reboot them in order to thwart a malware program known as VPNFilter. The Cisco Talos Intelligence group estimated that the malware infected more than 500,000 devices in 50 countries made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link last Wendesday.

According to the FBI warning, “the malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer.” They also warn that “VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and mis-attributable networks.

The FBI note goes on to request that “…any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

The source of the VPNFilter malware has been traced back to the Sofacy Group, also known as A.P.T. 28, Fancy Bear and Pawn Storm. It is believed to be directed by Russia’s military intelligence agency. Reports say that this is the same group that hacked the Democratic National Committee ahead of the 2016 presidential election.

An ArsTechnica.com article gives more details. The FBI has seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter—stages 2 and 3 can’t survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI’s advice to reboot small office and home office routers and NAS devices capitalizes on this limitation.

On Friday Justice Department officials wrote that Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second stage malware and causing the first stage malware on their device to call out for instructions. Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.

Rebooting serves the objectives of (1) temporarily preventing infected devices from running the stages that collect data and other advanced attacks and (2) helping FBI officials to track who was infected. Friday’s statement said the FBI is working with the non-profit Shadow Foundation to disseminate the IP addresses of infected devices to ISPs and foreign authorities to notify end users.

Authorities and researchers still don’t know for certain how compromised devices are initially infected. They suspect the attackers exploited known vulnerabilities and default passwords that end users had yet to patch or change. That uncertainty is likely driving the advice in the FBI statement that all router and NAS users reboot, rather than only users of the 14 models known to be affected by VPNFilter,

A more effective measure to remove all traces of VPNFilter is to perform a factory reset of a router. This will permanently remove all the malware, including stage 1. This generally involves using a paper clip or thumb tack to hold down a button on the back of the router for 5 seconds. The reset removes any configuration setting stored on the device, so users will have to restore those settings once the device reboots.

This latest report of router and NAS vulnerabilities to malware emphasizes that we live in a world where connectedness provides dangers as well as opportunities. We need to take connected device security seriously to protect our privacy.

Tom Coughlin consults and writes on digital storage and applications. He is chairman of the Storage Visions and Creative Storage Conferences, tomcoughlin.com



RE: Rebooting your router - treee - 05-29-2018

So it looks like you are particularly vulnerable if you didn't change the factory set password that came with your router.


RE: Rebooting your router - HarleyDog - 05-29-2018

The Russians are steeling your porn.