The FBI issued a formal warning yesterday. A malicious hacking campaign was unleashed on home and small business network devices worldwide with ties to Russia.
The hackers have deployed a botnet known as VPNFilter, targeting the routers in small business or home offices. As of yesterday, officials indicated that an estimated 500,000 devices around the globe have been infected.
The Department of Justice (DOJ) announced that the bureau is focused on shutting down the malware, which officials have linked to a cyber-espionage group known as APT 28 or Sofacy. This group has been tied to the Russian government by a number of cybersecurity firms.
The malware is designed to be disruptive in a number of ways. Stealing your website credentials, sitting and collecting other data passing through the router, and potentially shutting down millions of routers worldwide. This would essentially cut off Internet access to thousands of businesses who rely heavily on it to operate.
Here’s what the FBI is recommending you do.
The first thing they are asking you to do is to reboot the router. They believe this will temporarily disrupt the malware and aid in the detection of infected devices. Restech, an IT and Cybersecurity Firm, indicated that they are not exactly sure how that reboot will be effective but to go with the FBI recommendations.
Additionally, the recommendations are to disable remote management settings, upgrade your firmware and create new strong passwords. These are best practice activities that every business should be doing on a regular basis.
Vince Gremillion from Restech, a certified cybersecurity expert, said today that the best way to prevent these types of attacks is to always change the default password of any device exposed to the internet. These devices include security cameras, routers, and many other devices like Alexa, AC units, laptops etc.
He also indicated that making your password long is more important than symbols for security. The longer the password the harder it is to break. For more information on passwords and other security necessities he recommended downloading his 9 Point Security Plan by clicking here.
If you need help changing the password, you will need to login to the device you own using the default credentials provided on the vendors website. You can find the default by searching on the vendors name and then default/reset password (i.e. NETGEAR (TRENDNET, DLINK, etc) Default/reset password).
You will also want to look for additional information about the attack to come through the Federal agency IC3, whose purpose is to help facilitate reporting about internet facilitated criminal activity. Until then its best to follow the recommendations.
Cyber is the new war zone.
It should be pretty clear by now that cyber is the new war zone. Cyber threats will continue to mount as cyber criminals have tapped into a lucrative gold mine that keeps them well hidden from view. Businesses of every size need to make cybersecurity and cyber resilience a priority.
Vince Gremillion indicated that managing the cyber landscape is a tall order. He recommends that it’s a discipline better handled by cyber certified professionals who understand the ever changing cybersecurity landscape and can continually help protect an entity's best interest.Gremillion said that his company has been focused on security as a service for a number of years now. It’s hard for a general IT person, or business owner to keep up with the growing threats without help.