Security researchers recently discovered that at least 500,000 routers in use by ordinary users and companies are infected with a malicious VPNFilter program, the previous version of which was previously distributed in Ukraine. At the moment the program was found in 54 countries, and its capabilities are very dangerous.
The Cisco Talos cybersecurity group reports that VPNFilter is most likely supported by a specific nation. The program itself is initially spyware, but it also found that VPNFilter have function of “self-destruction”. It is believed that this function can be run on each infected device. The routers of the manufacturers Linksys, MikroTik, NETGEAR and TP-Link are under threat.
VPNFilter allows attackers to control Internet traffic, intercept user data and exchange data via the Tor network. Cisco Talos reports, there are other plug-ins that have not yet been discovered.
The “self-destruct” function, which was mentioned earlier, removes important parts of the firmware of the device, which can at some point show real chaos.
Protecting yourself from VPNFilter is extremely difficult. The routers for home and small business have too weak protection. It will be even more difficult to get rid of the malicious program, because many users do not even suspect about the possibility of updating their router software.
All that can currently be done by owners of devices that are at risk is the restoration of the factory settings on the router and maintaining the relevance of the firmware. However, there is no guarantee that these actions will protect against infection.