Industry experts have spoken about the implications of a new sophisticated malware system reported to have affected at least 500,000 networking devices worldwide, according to research by Cisco Talos.
Cisco Talos – one of the largest commercial threat intelligence teams in the world – posted on the company’s blog about the discovery of the malware which it calls “VPNFilter”.
More than 500,000 devices around the world are said to have been infected – most are consumer internet routers from a range of different vendors, with some consumer NAS (network attached storage) devices also known to have been hit.
Paul Ducklin, Senior Technologist at Sophos, a member of the Cyberthreat Alliance, recommends conducting a router health check, even if you believe the router is already up to date and do not think your devices are infected.
He said: “It’s time for a router health check. Home devices like routers are popular targets for cybercrooks these days, yet they’re often neglected from a cybersecurity point of view. Start with the basics. Check for a firmware update with your router vendor – do it today! And pick proper passwords – the crooks know every default password that ever left the factory, so why make it easy for them?”
Ashley Stephenson, CEO at Corero Network Security, said: “Once again, a significant community of vulnerable devices is being pursued by hackers. We cannot know the hackers’ true motivation at this point, or even if they are part of a single group, but some of the reported capabilities of the observed exploits suggest more of a nation state surveillance or sabotage mission rather than commercially motivated data theft or DDoS.
“This report also highlights the increasing security industry attention being paid to botnet formation through observations of vulnerability scanning, honeypot exploit attempts, and C&C communication intercepts. We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically, the cybersecurity community is relatively powerless to intervene before these weaponised IoTs are activated, so we must continue to prepare our cyber defences and response strategies for future attacks.”
Natan Bandler, CEO and co-founder of Cy-oT, said: “You cannot be 100% certain that you are patched and secure all the time, and it definitely can’t happen when you’re talking about operational systems, infrastructure or devices like routers. Such infrastructure can be infected and can be hacked – even more so when talking about nation state level attacks.
“Yes, we should expect governments to protect other governments or to protect organisations, but unfortunately there is no single international cyberdefence entity that does that. Hopefully we can expect this at some point, and there is currently collaboration between different law enforcement agencies about cybersecurity, but it’s not at a level where the internet police of the world will detect or stop such attacks.
“So it’s the responsibility of organisations and other governments to protect themselves. Just trusting the equipment, be it network equipment or the routers themselves, to be protected is not enough. We’re talking about devices, networks or infrastructures, the role of which is first and foremost to be able to transfer traffic from point to point. They are operational. We’re not talking about security equipment or security solutions.
“Organisations should be protected by a security solution that is monitoring whatever their equipment is doing, whatever their devices are doing and whatever their networks are doing. And whenever there is a breach, such a solution should be able to detect it and to stop it.
“Security should be separate from operation and we cannot trust devices whether they are attacked by a government or just by a school kid using an exploit they discovered.”