VPNFilter update: VPNFilter targeting more devices, exploiting end-devices without user’s knowledge

VPNFilter, the malware discovered last month affecting hundreds of thousands of home and office routers, is far more dangerous than initially thought. It is targeting more vendors and devices, and injecting malicious content into traffic without users' knowledge.

In the last week of May, the FBI warned all router users to reboot their devices to temporarily disrupt the malware. According to the FBI, the malware could collect information passing through routers, exploit the devices, and block network traffic. Routers from several manufacturers, including MikroTik, Netgear, Linksys, and TP-Link, were found compromised with the malware.

Since then, researchers at Cisco Talos have reported that VPNFilter is affecting more devices than previously thought. It is targeting six additional vendors: ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE, the researchers said.

If that is not bad enough, the researchers also claimed that attackers can manipulate internet traffic to end devices in several ways. Earlier, only two stages of the attack had been discovered. Now, the researchers suspect a stage 3 module that allows attackers to intercept network traffic and inject malicious code into it without the users knowing.

“The technical sophistication of this attack is like nothing we’ve ever seen before. The bad guys continue to innovate and iterate using a modular approach. Our research into this shows they can deliver threats to the endpoint and network. Once you can inject code you can quite literally do anything - steal passwords, install software…” said Matt Watchinski, VP, Cisco Talos.

Large enterprise-grade routers, and Cisco routers and switches, have not been affected, the researchers said.

Also read: Slingshot malware attacking router-connected devices since 2012 without detection

To protect against this malware, the researchers suggested the same steps as they did two weeks ago: unplug the device from the network, restore it to its original factory settings, and apply security patches.


“IT managers can’t tell you how 45% of their bandwidth is consumed”: Dirty Secrets of Network Firewalls report

One in four IT managers could not identify around 70% of their network traffic, revealed a new report, “The Dirty Secrets of Network Firewalls”. On average, 45% of network traffic was going unidentified.

The report is the result of a survey of 2,700 IT decision makers across ten countries, conducted by leading network and endpoint security provider Sophos.

The most crucial finding of the survey was that most firewalls were failing to do their job adequately. Organizations lacked visibility into their network traffic, and traffic that cannot be seen cannot be controlled.

Dirty Secrets of Network Firewalls

  • 84% of IT pros concerned about security due to lack of visibility into network traffic

84% of the respondents agreed that lack of application visibility was a serious security concern for their business and could impair effective network management. It could expose them to ransomware, malware, data breaches and other advanced threats.

Increased use of encryption, browser emulation and advanced evasion techniques were the factors that reduced the ability of network firewalls to provide adequate visibility into application traffic.

  • Organizations spent an average of seven working days per month in remediating infected machines

According to the report, small enterprises spent an average of five working days to remediate 13 machines per month, while large enterprises spent an average of ten working days to remediate 20 machines per month.

Overall, on average, the organizations spent around seven working days to remediate 16 infected machines per month.

The organizations were looking for an integrated network and endpoint security solution that could halt the threats. 99% of IT managers wanted a firewall technology that can automatically isolate infected computers.

79% of IT managers wanted better protection from their current firewall, while 97% expected protection from a single vendor that allowed direct sharing of security status information.

  • Other risks to businesses due to lack of visibility into network traffic

Beyond the security risks, the lack of visibility concerned organizations in other respects as well.

52% of IT managers said that lack of network visibility negatively impacted the business productivity. They could not prioritize the bandwidth for critical applications.

“For industries that rely on custom software to meet specific business needs, an inability to prioritize these mission critical applications over less important traffic could be costly,” the Sophos report said.

50% of the respondents who had invested in custom applications were unable to identify that traffic, which significantly reduced their return on investment.

  • Key findings of “The Dirty Secrets of Network Firewalls” survey:
  1. An average of 45% of network traffic was going unidentified, and hence could not be controlled.
  2. 84% of organizations were concerned about security.
  3. 53% of organizations were concerned about productivity.
  4. 79% of IT pros wanted better protection from their current firewall.
  5. Organizations dealt with 10-20 infections per month.

Also read: Human error and misconfigured cloud servers responsible for most data breaches in 2017: IBM Security Report

The survey was conducted in October and November 2017, interviewing IT decision makers in ten countries: the US, Canada, Mexico, France, Germany, the UK, Australia, Japan, India, and South Africa.