A week ago, leading cyber threat intelligence team Cisco Talos reported that no less than 500,000 IoT devices in up to 54 countries were infected by new malware called VPNFilter. An earlier version, believed to be launched by a nation-state, targeted Ukraine.
How VPNFilter Works
Talos identified the affected devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS) devices. After infecting a small office/home office (SOHO) router, VPNFilter deploys in three stages.
In stage 1, the malware establishes a foothold on the device and uses multiple command-and-control (C2) mechanisms to discover the IP address of the current stage 2 deployment server. This makes VPNFilter robust enough to cope with unpredictable changes to its C2 infrastructure. Stage 1 persists through a reboot, which makes preventing reinfection by stage 2 difficult.
Stage 2 deploys modules capable of command execution, data collection, and exfiltration. According to the United States Department of Justice (DOJ), these can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, the stage 2 malware has a “self-destruct” feature that, once activated by the attackers, overwrites a critical area of the device’s firmware so that the device stops functioning. This can happen on almost every infected device.
In stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. Another module adds communication support for the Tor network, which can make the malware’s communication with its C2 infrastructure harder to track.
According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.
On the night of May 23, the FBI announced that it had seized a domain that is part of VPNFilter’s C2 infrastructure and was used to escalate the malware’s effects. This forces the attackers to rely on more labor-intensive ways of reinfecting devices after a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.
Stopping the Malware
Researchers agree that VPNFilter is hard to prevent. While the vulnerable devices have been identified, patching routers isn’t easy, and average users might not be able to do it on their own. But as with any malware, the impact of VPNFilter can be mitigated, in this case by taking down the C2 infrastructure it relies on.
To minimize exposure, the FBI recommends that all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The Justice Department, along with the FBI and other agencies, vowed to intensify efforts to disrupt the threat and expose the perpetrators.
For their part, Talos offers the following recommendations:
- Users of SOHO routers and/or NAS devices must reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
- Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.
- If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
- ISPs will work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.
Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.