Domestic routers, small and medium company routers and NAS (Network Attached Storage)
Cisco investigators have published a report that alerts about a malware called VPNFilter that affects domestic and medium enterprises routers and NAS storage devices.
The main affected brands by this malware are Linksys, MikroTik, NETGEAR, TP-Link and QNAP. Besides, according to the Cisco investigators, it is said that this malware is very similar to with the BlackEnergy one.
There are even more brands affected by this malware: ASUS, D-LINK, HUAWEI, UBIQUITI, UPVEL and ZTE. In addition, if you want to check if your device is on the list, you can go and check in this link: https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
The solution to eliminate part of this malware is to restore factory defaults and restart the routers. Besides, it is recommended to disable the remote administration of the device (before connecting it to the internet) by using Telnet, SSH, Windbox and HTTP with internet access (WAN)
Finally, it’s recommended to update to the latest version the firmware and the software of the affected devices.
he malware attack is placed in 3 steps: The first step is that the malware gets persistence on the device. In other words, even if you restart it, the malware on this first step will still be present on the device. On the next 2 steps, different functionalities are added but can be easily removed restarting the routers. Those functionalities will allow some actions like information steal, remote logins using codes or even damage the device until they make it unoperative, which would result on the enterprises losing information and preventing them to keep doing their work. That would severely damage their reputation and image.
Even deleting these 2 steps of the malware by restarting the router, its imperative that we make sure to delete the first step of the malware and implement network blocks as well to prevent the malware functionalities to work.