【重置你的路由器吧,FBI称发现俄罗斯恶意软件攻击“成千上万”的设备】

【重置你的路由器吧,FBI称发现俄罗斯恶意软件攻击“成千上万”的设备】FBI敦促用户重置路由器和网络设备,因日前发现名为“VPNFLAST”的俄罗斯恶意软件,它可以截断互联网流量,盗取数据及“感染”设备,使设备不能运行。相关人员表示,重置路由器及更改上网设备密码是一种有效的预防措施。

http://www.dailymail.co.uk/sciencetech/article-5789001/Do-need-reset-router-FBI-warns-consumers-identifying-Russia-linked-malware-attack.html

Do YOU need to reset your router? FBI warns consumers after identifying Russia-linked malware attack that hit 'hundreds of thousands' of devices

  • The FBI is urging people to reboot their routers and network-equipped devices
  • The agency identified a Russia-linked malware attack called 'VPNFilter' last week that can block web traffic, collect data and render devices inoperable
  • As a precaution, they instruct users to reset their router, but experts also say they should perform a factory reset and change their password to be safe 

The FBI is urgently warning consumers to reboot their routers after the agency identified a Russia-linked malware attack that targeted 'hundreds of thousands' of devices.

The malware, called 'VPNFilter', can block web traffic, collect data and leave devices completely inoperable, the FBI announced on Friday.

'Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide,' the PSA posted on the FBI's Internet Crime Complaint Center website read.

Scroll down for video

The FBI is urgently warning consumers to reboot their routers after the agency identified a Russia-linked malware attack that targeted 'hundreds of thousands' of devices

The FBI is urgently warning consumers to reboot their routers after the agency identified a Russia-linked malware attack that targeted 'hundreds of thousands' of devices

It's unclear how it's getting on to people's devices, but authorities believe it's linked to a group of actors known as the 'Sofacy Group,' which is also referred to as 'apt28,' 'sandworm,' 'x-agent,' 'pawn storm,' 'fancy bear' and 'sednit.'

'The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value,' the DOJ said in a press release.

Sofacy is the same group believed to be responsible for many of the recent attention-grabbin Russian hacks, such as the hack of the Democratic National Committee during the 2016 US presidential campaign.

 

Sofacy is accused of infecting devices with malware called 'VPNFilter' in more than 50 countries, with the most immediate target for further action believed to have been Ukraine, Reuters reported.

According to the FBI, VPNFilter attacks 'routers produced by several manufacturers and network-attached storage devices by at least one manufacturer'.

A report by Cisco's Talos Intelligence Group found that at least 500,000 routers in as many as 54 countries have been affected by the malware.

Given the scale of the malware attack, the FBI recommended that consumers reboot their routers. To do this, unplug your router and wait a full 60 seconds before turning it back on

Given the scale of the malware attack, the FBI recommended that consumers reboot their routers. To do this, unplug your router and wait a full 60 seconds before turning it back on

This malware gives these hackers the capability to carry out a variety of invasive tasks, 'including possible information collection, device exploitation, and blocking network traffic'

This malware gives these hackers the capability to carry out a variety of invasive tasks, 'including possible information collection, device exploitation, and blocking network traffic'

This includes routers manufactured by Linksys, MikroTik, Netgear and TP-Link.

'The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide,' Talos said in its report.

It's believed by experts that Russia has been carrying out a series of cyber attacks against companies in Ukraine for over a year that have resulted in hundreds of millions of dollars in damages as well as one blackout.

The Ukrainian government has  now accused Russia of planning a cyber attack on Ukrainian state bodies and private companies ahead of the Champions League soccer final in Kiev on Saturday.

The Kremlin denied this accusation on Thursday.

The group of actors believed to be behind the attack is known as the 'Sofacy Group,' which is also referred to as 'apt28,' 'sandworm,' 'x-agent,' 'pawn storm,' 'fancy bear' and 'sednit'

The group of actors believed to be behind the attack is known as the 'Sofacy Group,' which is also referred to as 'apt28,' 'sandworm,' 'x-agent,' 'pawn storm,' 'fancy bear' and 'sednit'

WHICH ROUTERS HAVE BEEN HIT BY THE 'VPNFILTER' MALWARE?

The FBI is urgently warning consumers to reboot their routers after the agency identified a Russia-linked malware attack that targeted 'hundreds of thousands' of devices.

It's unclear how it's getting on to people's devices, but authorities believe it's linked to a group of actors known as the 'Sofacy Group,' which is also referred to as 'apt28,' 'sandworm,' 'x-agent,' 'pawn storm,' 'fancy bear' and 'sednit.'

The malware, called 'VPNFilter', can block web traffic, collect data and leave devices completely inoperable, the FBI announced on Friday.

VPNFilter seems to have hit mostly older models, but there's still a small chance that you've been affected.

Here's how to find out if your router or networked device has been affected:  

Linksys: E1200, E2500, WRVS4400N

Mikrotik: 1016, 1036, 1072

Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000

QNAP: TS251, S439 Pro, other QNAP NAS devices running QTS software

TP-Link: R600VPN

Given the seriousness and scale of the malware attack, the FBI recommended that consumers reboot their routers.

Doing so will temporarily disrupt any malware that's active on the device, but it won't remove it, the FBI said.

This can be done by unplugging the power cord and waiting a full 60 seconds before turning it on again.

However, Krebs on Security pointed out that part of the code utilized by VPNFilter will still exist on the device, unless the user performs a factory reset.

This will restore the router to its original settings and will require the user to reconfigure their network settings after it's been completed.

Many experts also recommend that users update to the latest firmware on their router, then perform a factory reset on the device.

To be extra secure, they should also set up a secure password and disable any remote management settings.

 


Comments are closed.



无觅相关文章插件