Australian Cyber Security Centre urges Australians to protect themselves from VPNFilter Malware threat
An announcement by the Australian Cyber Security Centre (ACSC) warned Australian users to be wary of a malware called VPNFilter. It is dangerous because it can collect whatever data flows through an infected device and, even worse, it can disable the device altogether.
The ACSC is alerting Australian users to be aware of the VPNFilter malware. It is known to affect networking equipment including Linksys, MikroTik, Netgear and TP-Link, as well as QNAP network-attached storage (NAS) devices.
The malware compromises the device itself. Once a device is infected, network traffic traversing it, including website credentials, can be collected.
This collection can serve straightforward data-theft purposes, or it can be used to assess the potential value of the network the device serves. If the network is deemed to hold information of interest, the malware can either keep collecting content that passes through the device or propagate into the connected network to collect data there.
More importantly, the malware can also be used to disable the device. This can be triggered on individual victim devices or en masse, and has the potential to cut off internet access for hundreds of thousands of victims worldwide.
The VPNFilter malware is known to have infected 500,000 devices in at least 54 countries. The devices it targets are difficult to defend: they regularly sit on the perimeter of the network without any intrusion protection system (IPS) in place, and typically cannot run a host-based protection system such as an anti-virus (AV) package.
The ACSC has released recommendations that Australian users can apply to their devices to protect them against this malicious activity.
First, update network devices to the latest available firmware version. It is important to note that updates are typically not automatic; users should visit the manufacturer's website for specific instructions on how to apply them.
Second, disable network device management interfaces, such as Telnet, SSH, Winbox and HTTP/S, on WAN interfaces. If remote management of the router is required, ensure that a complex password is used together with a protocol that supports encrypted remote connections, such as SSH or HTTPS.
Third, change the router's default login password during initial setup.
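The following script is an added example, not part of the ACSC advisory or any vendor's tooling, that turns the three recommendations into a simple audit. It assumes a router can export its settings as flat key=value lines (a constructed format; real vendors each have their own), and it uses a small illustrative list of factory-default passwords rather than real vendor data. The sample configuration embedded in it is constructed to violate all three points so that every check fires.

```python
"""Audit a SOHO router's exported settings against the three ACSC mitigations:
firmware current, no management on WAN unless encrypted and strongly
authenticated, and the factory-default admin password changed.

The key=value export format, the default-password list and the sample
configuration are all constructed for this example (hypothetical)."""
import re

# Management services named in the advisory; Winbox is MikroTik-specific.
MGMT_SERVICES = ("telnet", "ssh", "winbox", "http", "https")
ENCRYPTED_MGMT = {"ssh", "https"}          # acceptable on WAN only with a complex password
COMMON_DEFAULT_PASSWORDS = {"", "admin", "password", "1234", "12345"}  # illustrative list

# Constructed sample export: outdated firmware, default password, cleartext and
# weakly-authenticated management on the WAN side.
SAMPLE_CONFIG = """\
firmware.installed=1.2.3
firmware.latest=1.2.5
admin.password=admin
service.telnet.interfaces=wan,lan
service.ssh.interfaces=wan,lan
service.winbox.interfaces=lan
service.http.interfaces=wan,lan
service.https.interfaces=lan
"""


def parse_config(text):
    """Parse key=value lines into a dict; blank lines and '#' comments are ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def version_tuple(version):
    """Turn a dotted numeric version such as '1.2.5' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def is_complex_password(password):
    """Minimum bar for 'complex': at least 12 characters and three character classes."""
    classes = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    return len(password) >= 12 and classes >= 3


def audit(cfg):
    """Return a list of (severity, message) findings; an empty list means compliant."""
    findings = []

    # Recommendation 1: firmware updates are not automatic, so compare versions.
    installed, latest = cfg.get("firmware.installed"), cfg.get("firmware.latest")
    if installed and latest and version_tuple(installed) < version_tuple(latest):
        findings.append(("high", f"firmware {installed} is behind latest {latest}"))

    # Recommendation 3: the factory-default password must have been changed.
    password = cfg.get("admin.password", "")
    if password in COMMON_DEFAULT_PASSWORDS:
        findings.append(("high", "admin password is a factory default"))
    elif not is_complex_password(password):
        findings.append(("medium", "admin password is not complex"))

    # Recommendation 2: no management on WAN unless encrypted and strongly authenticated.
    for service in MGMT_SERVICES:
        raw = cfg.get(f"service.{service}.interfaces", "")
        interfaces = {i.strip() for i in raw.split(",") if i.strip()}
        if "wan" not in interfaces:
            continue
        if service not in ENCRYPTED_MGMT:
            findings.append(("high", f"{service} management exposed on WAN; disable it or use SSH/HTTPS"))
        elif not is_complex_password(password):
            findings.append(("high", f"{service} management on WAN without a complex password"))
        else:
            findings.append(("info", f"{service} management on WAN; acceptable only if remote management is required"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_config(SAMPLE_CONFIG)):
        print(f"[{severity}] {message}")
```

Run against the embedded sample, the audit reports five high-severity findings; a configuration with current firmware, a complex password and management bound only to the LAN side produces none. Encrypted services on the WAN are reported as informational only when the password passes the complexity check, mirroring the advisory's "if remote management is required" condition.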
Similarly, a recent report emphasised an increase in botnet-assisted attacks, amplification DDoS attacks, and the return of long-lasting, multi-day DDoS attacks. A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website, system or other network resource, causing a denial of service for users of the targeted resource.
Such an attack typically floods the targeted servers, systems or network to sabotage the victim. As the target slows down or even crashes, legitimate users are prevented from using the system.