It was discovered this week that hackers have infected over 500,000 small business and home routers with malware that is being used to watch network traffic, collect information and launch attacks.
This attack was discovered by Cisco and they made the news available publicly after realizing the full extend of the breach. The attack is known as VPNFilter and impacts routers from Linksys, MikroTik, Netgear, TP-Link and network attached storage devices from QNAP.
It is a vulnerability in the OS of the routers with firmware 1.3.1, 1.3.3, 1.4.0 and 2.0.22. Many of these routers are used by internet providers so most of the times the passwords are still the default ones set by the manufacturer, as well as they are rarely upgraded.
Here are some impacted models:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
If you have one of these models, or any other router from these brands it is highly recommended that you do the following:
- Reset the router back to defaults
- Set back up your router with a unique username and password
- Install any and all firmware updates
- Monitor closely over the next few months for any new firmware upgrades as they become available and run them.
Of course this is still a developing story, although the FBI has seized one server used in the attack so far.