While your computers run antivirus, you probably don't spend much time thinking about protecting your internet router. In fact, it's probably something that you (or your internet provider) set up and you proceeded to forget about. After all, unless you're having internet problems, you usually don't need to think about your router.
However, the latest malware, dubbed VPNFilter, is targeting routers — and it's already infected at least 500,000 of them. That gives VPNFilter a huge botnet of connected devices that it completely controls. On VPNFilter's command, your router could delete its flash memory, making it completely unusable — and taking you off the internet until you buy a new one. It could also quietly spy on your internet activity, stealing passwords and credit card numbers. Once your router is infected with VPNFilter, it can do almost anything it wants to your home network.
But the biggest danger from such a large network of infected systems would be a distributed denial-of-service (DDoS) attack. These attacks use large groups of connected devices to flood sites with traffic, bringing them offline. While that may sound like a threat that doesn't hit close to home, an attack by the Mirai botnet in 2016 managed to cripple internet services in the US for the better part of a day — and Mirai only controlled about 100,000 devices. If VPNFilter-infected devices were ordered to attack, the consequences could be dire.
So dire, in fact, that the FBI has gotten involved, shutting down one server that VPNFilter uses to send commands to infected devices. It's a step that could slow VPNFilter down (and help the FBI identify more compromised devices), but it won't stop it. Though it's good to know that law enforcement is hard at work trying to keep our computers safe, we should still take precautions to protect our devices from VPNFilter.
Unfortunately, there's no easy way to tell if your router has been infected. So far security researchers have seen VPNFilter on Linksys, MikroTik, Netgear and TP-Link brand routers, as well as QNAP brand network-attached storage devices, specifically these models:
- Linksys E1200, E2500, and WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000
- QNAP TS251, TS439 Pro, and other QNAP NAS devices running QTS software
- TP-Link R600VPN
Whether your device is on that list or not, it's a good idea to take some safety precautions. Even if you don't need protection from VPNFilter, some simple home network security could protect you from the next malware attack.
Here's what you should do.
Restart your router
If you're using a router that could be infected by VPNFilter, start by rebooting it. This won't get rid of the malware, but it will prevent it from doing any immediate damage. However, this is just a temporary fix, as the malware will eventually contact the VPNFilter servers to download its destructive files again.
Update your firmware
Next, you want to update your router's firmware. Many devices are being hacked because they have old security vulnerabilities that have never been patched. Updating the firmware will apply the latest bug fixes, which should secure it from VPNFilter — and future malware, too.
It's a good idea to update your firmware regularly, but because routers don't auto-update, you have to download and apply the update yourself. Each router will have its own way to update the firmware, but it's usually not too complicated. Often, you need to log in to an administrator panel (usually from the web browser on your PC) and click a few buttons to find and install updates.
The best way to find specific instructions is to look them up from your router's manufacturer — or, if you can't figure out the instructions, call the company's support line.
Ditch the default password
Many routers — and connected devices in general — come with a default password or no password set up. Simple or non-existent passwords make setting up and using the device easy, because there are no complicated passwords to set up or remember. Unfortunately, hackers know those default passwords, too, which makes it very easy for them to get into your systems.
Again, look up instructions from your router's manufacturer to find out how to change the default or administrator password. Once you've done that, it's a good idea to change the default passwords for any other connected devices in your home. While they may not be targeted by VPNFilter, default passwords make them vulnerable to future attacks.
Turn off remote access
Many routers let you access their administration panel remotely over the internet. This can be convenient if you want to change your router's settings when you're out of the house, but that means hackers can get in and change those settings, too — especially if the admin panel is protected by a default password.
The best thing to do is to turn this feature off unless you absolutely need it. (Which you probably don't.) You'll probably find a checkbox to disable remote access somewhere in the administration panel, but if you're having trouble, look up instructions on the manufacturer's website.
If all else fails, do a factory reset
Though this one is a nuisance, it's guaranteed to get rid of the most tenacious malware. Doing a factory reset will restore your device to its original setup from before it had the virus. However, it will also delete all of your router's settings and you'll have to configure it from scratch. Be sure to look up the router's getting started guide before doing a factory reset.
From Jennifer Weaver on May 29, 2018 :: 10:44 am
Does this include Routers that you get from the cable company? Comcast/Xfinity for example?
Yes, it does.
From Josh Kirschner on May 29, 2018 :: 11:43 am
The list of routers in the article are those currently known to be vulnerable. But that doesn’t mean other routers aren’t vulnerable, too. So yes, reboot your router, even those you get from your cable company.