The FBI is urging small businesses, as well as consumers, to reboot and restart their routers, following a disclosure last week of a particularly sophisticated piece of botnet malware.
The malware, dubbed VPNFilter, was discovered by the Secret Service of Ukraine and dissected by researchers at Cisco Talos and Symantec. The FBI later gained control of some of the servers used in the attack. These domains are the ones that allowed the malware to regenerate itself.
In its warning, the FBI, along with the US Justice Department, offered a few additional details about VPNFilter, including the agency's belief that the Sofacy cyber espionage group was behind the development and spread of the malware.
What made VPNFilter particularly complex is that the malware was developed as a three-stage attack. The first stage reloads the malware after a reboot, which would normally erase the infection. The second stage contains the main payload and Stage 3 consists of plugins that work with the second-stage payload.
Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.
When the FBI seized the domains last week, agents took control of the servers that were part of Stage 1, meaning that the malware could not regenerate itself.
Still, the FBI is urging those businesses and home users to reboot their devices.
Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second stage malware and causing the first stage malware on their device to call out for instructions. Although devices will remain vulnerable to re-infection from the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.
Last week, Symantec released a list of possibly infected devices:
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
5G technology holds a good deal of promise for businesses, from expanded IoT capabilities to new ways to reach customers. The downside is that these networks require a new security approach, which InfoSec teams need to start thinking about now.
Over the last year, vulnerable, cloud-based databases have shown that dangers of trusting data to others. However, an exposed government server in Oklahoma proves that attackers can find on-premises data, too.
With the discovery of 'Collection #1,' security researcher Troy Hunt appears to have found the largest repository of stolen email addresses and passwords ever, totaling more than 87GB and 12,000 separate files.
In an era when enterprises are scrambling to keep up with security demands, a new industry survey from ISF finds that having more diverse skills on the InfoSec team is one way to ensure a more stable workforce.
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.