More than 500,000 routers and network devices in 54 countries have come under attack after being infected with a sophisticated and potentially destructive malware.
Hackers Infect Half A Million Routers Around The World
The malware, which has been dubbed as VPNFilter by security researchers, is not only capable of permanently rendering the routers inoperable by "bricking" the device with a single command but can also collect information from the devices, including login IDs and passwords, and launch other attacks.
Cisco warned of the new malware in a blog post on Wednesday, May 23. Talos researcher William Largent pointed out that the VPNFilter's most dangerous weapon is its ability to destroy a device with a "kill" command, which has the potential to cut off internet access for entire regions.
"If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access for hundreds of thousands of victims worldwide or in a focused region where it suited the actor's purposes," Largent said in the post.
Are The Russians Involved?
Last month, the U.S. Department of Homeland Security, FBI, and the UK's National Cyber Security Center issued a joint statement warning about a Russian cyberattack that compromised routers, switches, and other network devices belonging to government and private organizations as well as individuals.
Although the Cisco blog post does not directly name Russia, it does mention that VPNFilter contains a broken function involving the RC4 encryption cipher, which is similar to the one found in the BlackEnergy malware. BlackEnergy was used in a series of attacks linked to the Russian government, including the Ukraine blackout in December 2015.
Ukraine's Security Service suspects that the VPNFilter could be used as a weapon by the Russians to launch a massive cyberattack on their country and cause disruption during or before the Champions League final between Real Madrid and Liverpool in Kiev on Saturday, May 26.
What Should You Do To Protect Your Device?
The malware is said to have affected consumer-grade routers made by Linksys, MikroTik, Netgear, TP-Link in addition to network-attached storage (NAS) devices from QNAP.
Users are recommended to reboot their devices and reset them to factory settings, as rebooting devices infected by VPNFilter prevents the malware from causing any harm.
Users who believe their devices may have been infected by VPNFilter are advised to contact the manufacturer immediately and make sure their device has been updated with the latest patch versions.
