Netgear advises firmware updates for routers hit by VPNFilter

Networking equipment maker Netgear has advised users of its routers to ensure they are running the latest firmware in the wake of reports that malware known as VPNFilter has infected nearly 500,000 devices in 54 countries.

As iTWire reported on Thursday, the FBI said it had taken control of a domain that served as the primary command and control centre for the malware, making it possible for owners of infected devices to reboot and so prevent the second and third stages of the malware from being loaded. Initial reports from Cisco's Talos Intelligence Group said half a million devices were infected by the malware.

Netgear said users should also ensure that they had changed the default passwords on their devices and that remote management was turned off.

The devices come with remote management turned off and can only be turned on in the advanced settings.

The company said it would update its advice as more information came to hand.

Among the Netgear devices attacked were

  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000

Linksys has advised customers to change administration passwords periodically and ensure software is regularly updated. The company recommended a factory reset of a router if there was a suspicion that it had been infected. Three Linksys devices, the E1200, E2500 and WRVS4400N, were found to be among infected devices.

Another router manufacturer, MikroTik, said it was confident that any infected devices would be running MikroTik RouterOS software with a vulnerability that was patched in March 2017. It said upgrading RouterOS would delete VPNFilter and any other third-party files, and would patch the vulnerability. MikroTik RouterOS for Cloud Core Routers: versions 1016, 1036 and 1072 were found to be affected.

Commenting on the incident, Eric Trexler, vice-president, Global Governments and Critical Infrastructure at security firm Forcepoint, said: "While determining attribution and intention are both hard, the evidence provided does look pretty convincing that something potentially very unpleasant is happening.

"I would deal with this today, not tomorrow, if I were running any of the impacted devices. A factory reset of certain routers - not every router you own - is a commonsense approach to risk management."

Forcepoint is a subsidiary of giant US defence contractor Raytheon.

Trexler added: "In the absence of good indicators of compromise that customers can use, getting on to the latest patched level is critical. If a particular device has been identified as vulnerable, I think the reset approach sounds like a reasonable response.

"However, that advice could change pretty quickly, so it's going to require defenders to watch what could be a rapidly evolving threat environment and change with it.

"Another consideration is the link back to SCADA and Modbus, which is particularly worrisome. The Modbus SCADA protocol has been used in millions of critical and industrial devices globally since 1979. The need for separation of IT/OT networks is critical to cyber resiliency.

"When any device is susceptible to compromise, the only effective way to combat the latest attacks is through network segregation. No longer can we afford to keep our critical infrastructure connected to and therefore directly accessible to the Internet.

"VPNFilter proves that time-tested military techniques such as network segregation not only make sense, but are required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks."
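The IT/OT separation Trexler describes is usually enforced at a network boundary, and a defender wants to know when Modbus traffic crosses that boundary in the wrong direction. The following is an added example, not code from the article or from any of the vendors it quotes. It assumes a hypothetical boundary monitor that sees Modbus/TCP payloads (Modbus carried over TCP port 502, the IANA-registered port) between an IT network and an OT network; the address ranges and captured flows below are constructed for illustration. It parses the MBAP header, classifies the Modbus function code as a read or a write, and raises an alert for any Modbus request that originates on the IT side, with write requests rated highest.

```python
"""Modbus/TCP boundary monitor: flag Modbus requests crossing from IT to OT.

Added example; not from the iTWire article or any router or SCADA vendor.
Assumes a hypothetical monitor that sees TCP payloads between an IT network
and an OT network.  Address ranges and sample flows are constructed.
"""
import ipaddress
import struct
from typing import List, Optional

MODBUS_TCP_PORT = 502  # IANA-registered port for Modbus/TCP

# Public Modbus function codes (Modbus Application Protocol Specification
# V1.1b3): reads versus writes.  Codes not listed are treated as unknown.
READ_CODES = {1, 2, 3, 4, 7, 8, 17, 20, 24, 43}
WRITE_CODES = {5, 6, 15, 16, 21, 22, 23}

# Constructed segments for the example (assumption, not from the article).
IT_NETS = [ipaddress.ip_network("10.1.0.0/16")]
OT_NETS = [ipaddress.ip_network("192.168.100.0/24")]


def parse_mbap(payload: bytes) -> dict:
    """Parse the 7-byte MBAP header and the function code that follows it.

    MBAP layout: transaction id (2 bytes), protocol id (2 bytes, always 0 for
    Modbus), length (2 bytes, counting every byte after the length field),
    unit id (1 byte).  The first byte of the PDU is the function code; bit
    0x80 set marks an exception response.
    """
    if len(payload) < 8:
        raise ValueError("payload too short for MBAP header and function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match payload size")
    fc = payload[7]
    return {"transaction_id": tid, "unit_id": unit, "function_code": fc,
            "exception": bool(fc & 0x80), "pdu": payload[7:]}


def classify_request(src: str, dst: str, dport: int, payload: bytes,
                     it_nets=IT_NETS, ot_nets=OT_NETS) -> Optional[str]:
    """Return an alert string if this is Modbus crossing IT -> OT, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    crossing = any(s in n for n in it_nets) and any(d in n for n in ot_nets)
    if not crossing or dport != MODBUS_TCP_PORT:
        return None  # OT-internal traffic, or not Modbus/TCP: out of scope here
    try:
        req = parse_mbap(payload)
    except ValueError as err:
        return f"medium: malformed Modbus/TCP from IT host {src} to {dst} ({err})"
    fc = req["function_code"]
    if fc in WRITE_CODES:
        return (f"high: Modbus write (fc={fc}) from IT host {src} "
                f"to OT device {dst} unit {req['unit_id']}")
    if fc in READ_CODES:
        return f"medium: Modbus read (fc={fc}) from IT host {src} to OT device {dst}"
    return f"medium: unknown Modbus function code {fc} from IT host {src} to {dst}"


# Constructed flow records: (src, dst, dport, payload).  Payloads are hand-built
# Modbus/TCP requests: fc 6 = Write Single Register, fc 3 = Read Holding Registers.
SAMPLE_FLOWS = [
    # IT workstation writing register 0x0010 on a PLC: should be high severity
    ("10.1.5.20", "192.168.100.10", 502,
     b"\x00\x01\x00\x00\x00\x06\x01\x06\x00\x10\x00\x05"),
    # IT host reading ten holding registers: medium severity
    ("10.1.5.21", "192.168.100.10", 502,
     b"\x00\x02\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # OT engineering workstation writing inside the OT segment: not flagged
    ("192.168.100.50", "192.168.100.10", 502,
     b"\x00\x03\x00\x00\x00\x06\x01\x06\x00\x10\x00\x05"),
    # IT -> OT on port 80: not Modbus/TCP, ignored by this monitor
    ("10.1.5.22", "192.168.100.10", 80, b"GET / HTTP/1.0\r\n\r\n"),
]


def scan_flows(flows) -> List[str]:
    """Run the classifier over flow records and collect the alerts."""
    alerts = []
    for src, dst, dport, payload in flows:
        alert = classify_request(src, dst, dport, payload)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in scan_flows(SAMPLE_FLOWS):
        print(line)
```

The function-code split matters for triage: a read crossing the boundary shows the segregation is leaky, while a write from the IT side is the case that can change the state of field equipment and is the one to act on first. A real deployment would feed the classifier from a packet capture or a span port rather than from the inline list.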




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

