According to a recent advisory published by the Federal Bureau of Investigation, small business owners in the High Desert should reboot their routers to minimize their exposure to a new cyber threat.
In May 2018, security researchers from hardware and networking giant Cisco published their findings about a new malware strain affecting half a million routers around the world. The name given to this internet security threat is VPNFilter, and it is believed to have been developed by a Russian cybercrime group affiliated with the Kremlin.
WHAT BUSINESSES ARE AT RISK FOR UNSECURE DATA?
The routers affected by VPNFilter include those manufactured by popular brands such as NETGEAR and Linksys; they are mostly models used for residential and small business applications. The Cisco researchers have noticed the following malicious and destructive functions:
- VPNFilter opens a gateway to other malware infections and the potential of the router being conscripted into a botnet for denial of service attacks.
- VPNFilter monitors internet activity for the purpose of stealing important information such as username and password credentials.
- VPNFilter may lock up the router to cut off internet access. In most cases, this issue is solved by rebooting.
What is interesting about VPNFilter is that it connects to a command and control server where the botnet is hosted, and most of the malicious activity is concentrated in Ukraine. Since the nature of this attack seems to be focused on cyber warfare, it is believed that the Kremlin may have ordered an attack on Supervisory Control And Data Acquisition (SCADA) systems used to manage electrical power grids.
SCADA attacks on Ukrainian power plants have intensified since the annexation of Crimea by Russia a few years ago. VPNFilter appears to be part of these attacks, which also aim to disrupt business productivity by cutting off internet access at the router level.
SECURE YOUR BUSINESS NETWORKS AGAINST CYBERATTACKS
Just because VPNFilter appears to be developed by the Kremlin to disrupt life in Ukraine, High Desert business owners should not assume that they are impervious to this threat. In the past, the National Security Agency has detected instances of Russian cyber warfare launched against the United States on a trial basis; furthermore, VPNFilter can also be used by cybercrime groups who specialize in data breaches and identity theft.
If your internet logs show strange traffic from Photobucket.com accounts, there is a chance that your router has been probed by VPNFilter hackers, but not necessarily infected. Contact Sonic Systems if you have network security questions.