Number 5: VPNFilter

More and more, our business environments are connected to the cloud. The transmission of data and the speed at which it can be accessed are critical to business intelligence and competitive advantage. When that data becomes attractive to hackers, the vulnerability also becomes the biggest threat to a company’s livelihood. 2018 has seen a number of newsworthy cyber security breaches to date, and GDV is highlighting the top few in a series of blog posts, starting with #5: VPNFilter.

Last month, it was discovered that hackers working for the Russian government had infected more than 500,000 consumer-grade routers worldwide. The attack began by using a type of malware called VPNFilter, which can be used to create a huge botnet. It can also spy on and change web activity on compromised routers.

An article by Ars Technica gives an example of how this attack can affect networks: “It actively inspects Web URLs for signs they transmit passwords and other sensitive data so they can be copied and sent to servers that attackers continue to control even now, two weeks after the botnet was publicly disclosed.”

What’s worse, a senior executive at Talos says that the hackers are now manipulating everything that travels through the device as well.

This attack on routers around the world is still ongoing, and we learn new information each day about the effects and consequences of the VPNFilter campaign.

You might be asking yourself if your router was one of the thousands infected with the malware. We have a list of the devices below. The bigger question is: if not now, then when you do become a victim of a malware attack, how would you protect your data?

The best way to prevent any loss of data or any sensitive information is to ensure your data is protected by backing it up. In examples like these, where we see infected devices, a simple backup of all data could save you hours of resources when re-establishing a clean data set.

List of infected devices:

Ars Technica listed known infected devices:

Asus Devices:

RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:

DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:

HG8245 (new)

Linksys Devices:

E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik Devices:

CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:

DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:

NSM2 (new)
PBE M5 (new)

Upvel Devices:

Unknown Models* (new)

ZTE Devices:

ZXHN H108N (new)