VPNFilter – A sophisticated threat to businesses

2018 has seen a lot of new cyber threats. Hackers, scammers and the like are getting smarter. VPNFilter takes me back to the famous Stuxnet virus, which infiltrated Iran’s nuclear program.

VPNFilter is an advanced threat which predominantly targets home and small-business routers. So far, the threat has infected over half a million routers worldwide, and this number is expected to grow as more is discovered about the threat.

The threat performs a number of hostile functions. One of these is what's called a man-in-the-middle attack. Once the router has become infected, internet traffic that passes through it is actively spied upon and can be tampered with, without the victims knowing.

For now, the main purpose of this attack is to steal sensitive data, such as usernames and passwords or banking information. However, as researchers find out more about this threat, it is becoming clear that VPNFilter has the potential to be a far greater threat.

Cisco is expected to release a report this Wednesday (14th June NZD). From Ars Technica:

“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”

It has become apparent that more models and brands of routers are susceptible to this threat.

Layer3 provides managed security gateways (security-focused routers), among other security-focused services. Layer3 was alerted to this threat early. Currently, our security gateways are not listed as being compromised by VPNFilter. Customers with the affected routers have all been patched against the VPNFilter threat.

It is another reminder that security is the number one priority in IT and for Layer3 as a managed service provider.

