Routers in Europe and Asia have been the clear target for cybercriminals in recent weeks. The Roaming Mantis malware, which attacks routers using a domain name system (DNS) hijacking technique, has spread and expanded its capabilities to include cryptomining.
In the last few hours, another cyber nightmare has added its name to the list of threats: the malware VPNFilter, which has affected over 500,000 routers in 54 countries, making it a global threat. Notable features of this botnet are its potential to carry out a massive coordinated attack using the affected routers, to steal data, and to render devices useless via a kill switch. Some of its code has been seen before in Russian cyberattacks, including similar attacks on European countries such as Ukraine, whose power grid was hit by malware like this.
Now, the FBI seems to have found the key to stopping VPNFilter. A vital step in getting the malware under control was a court ruling which allowed the FBI to seize a domain called ToKnowAll.com that was going to be used to coordinate the affected routers.
Although the malware mainly affects several makes of routers, the FBI has recommended that all users of small or home office routers take precautionary measures, such as rebooting the routers, updating to the latest version of the firmware, and turning off remote management settings. The Bureau also suggests strengthening passwords and encryption settings.
According to the Department of Justice, it is likely that a group known as “Sofacy” and “Fancy Bear” among other names, which answers to the Russian government, is behind the malware. This isn’t the first time the group has made the headlines; it has also been blamed for the attack on the Democratic National Committee during the 2016 US presidential campaign.
How can you protect your company from a malware attack?
- Regularly update your operating system; this will apply critical security fixes to your software.
- Make a hardware and software inventory for your company. You need to know what you have and where it is, so that you can act on any indicators of an attack. How fast you can respond to an attack will largely depend on how long it takes you to find the devices and systems which could be affected.
- Segment your company’s network: divide it into zones with different access profiles. Apply internal rules that define what communication can be established between these zones, as well as the permissions and privileges each one has when carrying out certain actions, so that an infection cannot spread quickly and cause bigger problems.
- Create strong passwords, avoiding obvious combinations, and obvious substitutions such as “$” for “S”. The length of the password is also important: the longer the better!
- Back up your data regularly, both on physical and cloud-based drives. This takes away cybercriminals’ profit incentive to hold your data ransom.
- It’s not just the corporate network that needs to be secure: each and every device (computers, tablets, mobiles…) used by employees in the organization must be protected, as they are both the entry point and the first line of defense against any kind of infection.
- Get a good security solution for your company.
With cyberattacks like this making the news almost daily, the only way to protect against them is with an endpoint security solution that incorporates prevention, detection, containment and cleanup with forensic analysis tools, in a lightweight agent and cloud infrastructure like Panda Adaptive Defense 360. Discover all the business protection solutions that Panda Security has to offer.