Router malware VPNFilter worse than expected; more brands may be affected | Inquirer Technology

Router malware VPNFilter worse than expected; more brands may be affected

/ 04:24 PM June 07, 2018

Image: Cisco Talos Security Intelligence and Research Group

Additional research on the router malware VPNFilter has found that it may be more dangerous than previously thought.

An update on the ongoing study of the router malware by Cisco Talos Security Intelligence and Research Group (Talos) found an even bigger threat than previously thought. VPNFilter may also be targeting new router brands in the malware’s continued spread, according to a statement.

Article continues after this advertisement

The new router brands the researchers found to be vulnerable are ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE. In addition, more device models from Linksys, MikroTik, Netgear and Network Storage Device (NAS) maker TP-Link were found to be vulnerable.

FEATURED STORIES

As for VPNFilter, cybersecurity researchers learned that the malware had a module they called “ssler” (pronounced “esler”), which could be used to hijack web traffic as it passes through a router or NAS. After hijacking, VPNFilter injects malicious software to infect more networked devices.

Talos also discovered a module they call “dstr,” or device destruction module. When activated, the dstr module removes all traces of VPNFilter including files needed by a device to operate normally. This basically renders the infected device unusable or “bricked.”

Article continues after this advertisement

The researchers put together a new list of affected networking devices, which includes models from the new brands being targeted.

Article continues after this advertisement

In conclusion, Talos researchers and their partner organizations found that VPNFilter could destroy not only a directly targeted device but also any other networking device connected to the initial victim. Attackers could effectively cover their tracks using this method after acquiring the information they needed.  /ra

Article continues after this advertisement

RELATED STORIES:

500,000 internet routers may be infected with destructive malware, experts say

Article continues after this advertisement

GitLab traffic spikes after news of GitHub purchase by Microsoft

‘Back to the Future’ inspires scientists to make ’flux capacitor’ for quantum computers

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TOPICS: Cisco, Cybersecurity, malware, malware infection, VPNFilter
TAGS: Cisco, Cybersecurity, malware, malware infection, VPNFilter

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.