As you may be aware, the FBI issued a warning last week about a malware botnet called VPNFilter. This malware originated in Russia and attacks “consumer-grade” routers typically purchased from retailers such as Best Buy node installed in homes by Internet Service Providers such as Spectrum, Time Warner, and Charter.
The malware has not been found to infect commercial grade routers typically installed in your business, such as those from Cisco, Fortinet, SonicWALL or others. If you or any of your staff has one of the following routers installed at home, we recommend the Internet Service Provider be contacted for guidance.
At a minimum, the router should be rebooted – and the router password should be changed to one with a fair amount of complexity. (ISP technicians have a reputation for often not changing the simple “factory default” password when they install a router.) In some cases, a router firmware upgrade may be required.
The affected routers identified so far are:
- Linksys (Models E1200, E2500 & WRVS4400N)
- Mikrotik Cloud Core Routers (versions 1016, 1036 & 1072)
- Netgear (Models DGN2200, R6400, R7000, R8000, WNR1000 & WNR2000)
- QNAP (Models TS251 & TS439 Pro)
- QNAP NAS devices running QTS software
- TP-Link R600VPN
While we are unable to manage the consumer-grade routers targeted in this attack, We can offer you a powerful network security appliance (router/firewall/wireless access point) that can provide commercial-grade protection at your home or office.
If you have teleworkers or executives who access your network by working from home, you should be concerned about business risks created by consumer-grade routers. A relatively inexpensive corporate or business-grade firewall is likely an appropriate solution. Please let us know if you would like more information.