VPNFilter is a new multistage, modular malware that, unlike most other IoT (Internet of Things) threats, is capable of maintaining a persistent presence on an infected device even after the system reboots.
The malware can ostensibly be used to collect a victim's personal information, permanently destroy the device, and launch attacks on other devices.
Since 2007 this sophisticated malware has targeted half a million routers and network devices in around 54 countries. The infection contains a kill switch for routers and is capable of stealing victims' login and password information. It also has the potential to monitor industrial control systems and to cut all of the affected devices off from the internet.
The effort to design this vicious infection is attributed to a Russian hacking group, the Sofacy Group, also known as APT28 or Fancy Bear. The group is believed to have targeted government, military and security organizations since 2007.
The affected devices include routers from Linksys, MikroTik, Netgear and TP-Link among many others.
As per Cisco ASA ACL policy, VPN filters provide the ability to permit or deny pre-encrypted traffic before it enters a tunnel and post-decrypted traffic after it exits, by configuring an ACL (Access Control List).
The filter can be configured on the group policy, on username attributes, or in a Dynamic Access Policy (DAP).
However, violating standard Cisco ACL rules ends up inviting cybercriminals to implant botnets that steal important information from the computer system, which is accomplished in 3 stages.
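The following is an added example of the kind of VPN filter the text describes, written by this editor rather than taken from the page or from Cisco documentation. The group-policy name, ACL name and addresses (a 10.10.10.0/24 remote client pool, an internal web server at 192.168.50.20 and a DNS server at 192.168.50.10) are assumed. On the ASA, a VPN filter ACL is written with the remote VPN side as the source and the local network as the destination, and the ASA enforces it in both directions.

```cisco
! Weak setting: no VPN filter. Once a packet is decrypted it is forwarded
! to any internal host, and the interface ACL is normally bypassed for
! tunnelled traffic (sysopt connection permit-vpn is on by default).
group-policy GP-CORP-VPN attributes
 vpn-filter none

! Corrected setting: restrict decrypted traffic to the services the
! remote users actually need, and log everything else that is dropped.
! Source = remote VPN client pool (assumed), destination = local servers (assumed).
access-list VPN-FILTER-CORP extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.50.20 eq 443
access-list VPN-FILTER-CORP extended permit udp 10.10.10.0 255.255.255.0 host 192.168.50.10 eq 53
access-list VPN-FILTER-CORP extended deny ip any any log

! Apply the filter on the group policy (the username-attributes and DAP
! forms mentioned in the text take the same "vpn-filter value" syntax).
group-policy GP-CORP-VPN attributes
 vpn-filter value VPN-FILTER-CORP
```

The point worth checking after applying such a filter is that nothing relies on the outside interface ACL to protect the inside network from VPN users: with `sysopt connection permit-vpn` left at its default, the VPN filter is the only ACL that inspects decrypted traffic, so an explicit `deny ip any any log` at the end is what turns unexpected connections into log events a defender can see.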
VPNFilter is a multi-staged piece of malware.
Stage 1: This stage covers the initial infiltration of the device. Once installed, the malware maintains a persistent presence on the infected device and communicates with a command and control (C&C) server to download further modules.
Stage 2: In this stage the malware collects files, executes commands and sends the data to the cyber criminals. It also has a destructive capability and can effectively "brick" the device if it receives a command from the attackers.
Stage 3: This stage acts as a plug-in for Stage 2. In this stage traffic passing through the device is spied on and routed to the cyber criminals.
Under-secured IoT devices are located by bots, which together form a robot network, also known as a zombie network, used to launch a massive attack on thousands of devices at once.
VPNFilter is designed to include a 'kill' command which overwrites the flash memory of the device to eliminate the malware's traces from it and hence prevent the malware from being tracked.
An attack on the routers not only halts internet access, but also allows the malware to carry out a variety of malicious activities, including intelligence gathering, monitoring web activity (including password use) and other destructive or disruptive attacks.
The malware attacks basically set up a hidden network of millions of routers, with plans to carry out massive attacks leveraging the devices. Let us look at the targeted victims:
Being plugged directly onto the internet by design is the major problem with IoT devices such as routers. However, there are routers which are very well secured and do not allow file sharing, modification or updates.
Nevertheless, irrespective of the router you use, here is a list of preventive steps to be followed to prohibit the entry of this noxious router infection:
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities which may infringe on your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.