Talk of The Villages Florida - View Single Post - The FBI recommends rebooting routers due to malware
05-31-2018, 01:50 PM
VillageIdiots

If you have Comcast (Xfinity), you likely have a modem made by Arris (not on the list below). I bought my own modem for Comcast but it is an Arris brand as well.

The following is a notice that my company sent out to all employees today:

Recently the FBI became aware of a new malware attack called VPNFilter that has infected over 500,000 routers and network devices, according to researchers from Cisco’s Talos Intelligence Group. As of May 23rd, 2018, Symantec has identified that VPNFilter is capable of infiltrating systems through the following routers:
• Linksys E1200
• Linksys E2500
• Linksys WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200
• Netgear R6400
• Netgear R7000
• Netgear R8000
• Netgear WNR1000
• Netgear WNR2000
• QNAP TS251
• QNAP TS439 Pro
• Other QNAP NAS devices running QTS software
• TP-Link R600VPN

VPNFilter has been able to spread through networks by targeting default credentials or known old exploitable vulnerabilities and has three identified stages to its operation.
Stage 1: The malware is installed and is activated to sustain a persistent presence on the infected device and will contact the command and control server to download additional modules.
Stage 2: Executes the main payload and can collect files, execute commands, extract files, and modify device management. With the device management ability, the infected device can be “bricked” or render the infected device useless, if the command is received from attackers.
Stage 3: Is an optional stage that executes packet sniffers that spy on traffic routed through the device, including credentials, credit card data, as well as monitoring of Modbus SCADA protocols, with a variation that allows communication using Tor.

What Do I Need to Do?
All are being advised to reboot their routers immediately so that the Stage 2 and Stage 3 components of VPNFilter will be temporarily removed and prevent the damaging components of the malware from operating. If your device is infected, the presence of the Stage 1 element can result in the reinstallation of Stage 2 and Stage 3 components. To remediate this possibility, it will be necessary to install and apply the most recent patches available for your device and change all access credentials from default to unique inputs. If the rebooting process does not remove VPNFilter from your device, it is recommended that you execute a hard reset, or reset to factory, that will return your device to its settings that were present out of the box. Please note that all personalized configurations will be removed in this process. Additionally, to reduce the likelihood of future incidents or impact from this incident, it is advised that the “Remote Management” feature of your router be turned off. If you are unsure of how to access the “Remote Management” feature settings, please see your device’s instruction manual.