The FBI recently urged users to reboot their routers in order to disrupt Russia-linked malware, VPNFilter, which has infected over 500,000 routers in at least 54 countries.
Matt Walmsley, EMEA Director at Vectra commented below on how users can secure their network infrastructure and prevent malware like this infecting their devices.
Matt Walmsley, EMEA Director at Vectra:
“With stories reporting routers being compromised by foreign nation states, we see yet again that consumer grade devices are being compromised and potentially weaponised. Consumers are often ill-equipped to manage their local cyber security, they should at the very least power cycle their devices and ensure they have updated to the latest firmware.
Enterprises also need to ensure they don’t leave the door wide open and should take another look at how they’re securing their network infrastructure. No software is perfect so make sure you’re up-to-date with software updates and patches for your network infrastructure. Then make sure you’re not exposing your equipment’s management interfaces and ensure you have changed the default admin credentials. For perimeter devices with internet connectivity this is doubly important. This may seem like “cybersecurity 101” advice but recently default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol.
Firmware may not be that firm – Advance attackers will seek to compromise the underlying firmware of their target platform. Even if you have robust OS level security controls, threats such as Sub-OS rootkits will remain undetected. However, with recent advances in AI-based behaviour threat detection, we can now spot in real-time the very subtle signals attackers use to perform command & control (C2) orchestration to devices that have compromised firmware by looking for the attacker’s “knocking” signals hidden within legitimate communications. With that actionable insight, platforms can be completely reset and their firmware, OS images, and configs reloaded from known good sources.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.