The Talos cybersecurity unit of Cisco released a statement on Wednesday warning Internet users about a new kind of malware. The VPNFilter malware includes a self-destruct feature which can cause over 500,000 routers in 54 countries to brick themselves when activated. The cybersecurity unit claimes that the spyware could achieve 100% success rate at self-destructing routers and the malware can also be used to gather and exfiltrate data from users. The hackers responsible for creating the malware have had a major portion of their infrastructure taken down by the FBI.
The affected devices include Netgear, MikroTik, Lynksys, and TP-Link home and business routers as well as NAS devices. Other types of routers have not been affected according to the Talon cybersecurity team. The IoT devices are immune to the malware as they can purge malware when rebooted.
The VPNFilter malware can also be used to sniff packets and allow attackers to monitor and intercept web browsing data including login credentials of websites. Researchers also suspect malware plugins similar to VPNFilter may exist that have not been discovered yet.
With little to no protection in home routers and no form of anti-malware mechanisms available in commercial grade routers, average users cannot patch the vulnerabilities by themselves. Hackers can hijack firmware updates and inject malware directly when users try to update their routers with the latest firmware updates.
The security team from Cisco has offered a few solutions that can be undertaken. Users of home and office routers are recommended to reset and reboot their routers to factory default settings. Resetting routers can prevent the devices from self-destructing or allowing hackers to get access to personal data.
ISPs that provide routers to their users can reboot the routers on behalf of their users to ensure the VPNFilter malware cannot be implemented. ISPs and router manufacturers need to work together to ensure patches against the malware are provided before any large-scale attacks happen.