
Netgear advises firmware updates for routers hit by VPNFilter

Networking equipment maker Netgear has advised users of its routers to ensure they are running the latest firmware in the wake of reports that malware known as VPNFilter has infected nearly 500,000 devices in 54 countries.

As iTWire reported on Thursday, the FBI said it had taken control of a domain that served as the primary command and control centre for the malware, thus making it possible for owners of infected devices to reboot and prevent the second and third stages of the malware being loaded. Initial reports from Cisco's Talos Intelligence Group said half a million devices were infected by the malware.

Netgear said users should also ensure they had changed the default passwords on their devices and also ensure that remote management was turned off.

The devices come with remote management turned off and can only be turned on in the advanced settings.

The company said it would update its advice as more information came to hand.

Among the Netgear devices attacked were:

  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000

Linksys has advised customers to change administration passwords periodically and ensure software is regularly updated. The company recommended a factory reset of a router if there was a suspicion that it had been infected. Three Linksys devices, the E1200, E2500 and WRVS4400N, were found to be among infected devices.

Another router manufacturer, MikroTik, said it was sure that any infected devices would have a vulnerability in MikroTik RouterOS software, which was patched in March 2017. It said upgrading RouterOS software would delete VPNFilter and any other third-party files and patch the vulnerability. MikroTik RouterOS for Cloud Core Routers: versions 1016, 1036, and 1072 were found to be affected.

Commenting on the incident, Eric Trexler, vice-president, Global Governments and Critical Infrastructure at security firm Forcepoint, said: "While determining attribution and intention are both hard, the evidence provided does look pretty convincing that something potentially very unpleasant is happening.

"I would deal with this today, not tomorrow, if I were running any of the impacted devices. A factory reset of certain routers - not every router you own - is a commonsense approach to risk management."

Forcepoint is a subsidiary of giant US defence contractor Raytheon.

Trexler added: "In the absence of good indicators of compromise that customers can use, getting on to the latest patched level is critical. If a particular device has been identified as vulnerable, I think the reset approach sounds like a reasonable response.

"However, that advice could change pretty quickly, so it's going to require defenders to watch what could be a rapidly evolving threat environment and change with it.

"Another consideration is the link back to SCADA and Modbus, which is particularly worrisome. The Modbus SCADA protocol has been used in millions of critical and industrial devices globally since 1979. The need for separation of IT/OT networks is critical to cyber resiliency.

"When any device is susceptible to compromise, the only effective way to combat the latest attacks is through network segregation. No longer can we afford to keep our critical infrastructure connected to and therefore directly accessible to the Internet.

"VPNFilter proves that time-tested military techniques such as network segregation not only makes sense, but is required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks."

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
