Friday, 25 May 2018 09:05

Netgear advises firmware updates for routers hit by VPNFilter

By Sam Varghese

Networking equipment maker Netgear has advised users of its routers to ensure they are running the latest firmware in the wake of reports that malware known as VPNFilter has infected nearly 500,000 devices in 54 countries.

As iTWire reported on Thursday, the FBI said it had taken control of a domain that served as the primary command and control centre for the malware, thus making it possible for owners of infected devices to reboot and prevent the second and third stages of the malware from being loaded. Initial reports from Cisco's Talos Intelligence Group said half-a-million devices were infected by the malware.

Netgear said users should also ensure they had changed the default passwords on their devices and that remote management was turned off.

The devices come with remote management turned off, and it can only be turned on in the advanced settings.

The company said it would update its advice as more information came to hand.

Among the Netgear devices attacked were:

  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000

Linksys has advised customers to change administration passwords periodically and ensure software is regularly updated. The company recommended a factory reset of a router if there was a suspicion that it had been infected. Three Linksys devices, the E1200, E2500 and WRVS4400N, were found to be among infected devices.

Another router manufacturer, MikroTik, said it was sure that any infected devices would have a vulnerability in MikroTik RouterOS software, which was patched in March 2017. It said upgrading RouterOS software would delete VPNFilter and any other third-party files, and patch the vulnerability. MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072 were found to be affected.

Commenting on the incident, Eric Trexler, vice-president, Global Governments and Critical Infrastructure at security firm Forcepoint, said: "While determining attribution and intention are both hard, the evidence provided does look pretty convincing that something potentially very unpleasant is happening.

"I would deal with this today, not tomorrow, if I were running any of the impacted devices. A factory reset of certain routers - not every router you own - is a commonsense approach to risk management."

Forcepoint is a subsidiary of giant US defence contractor Raytheon.

Trexler added: "In the absence of good indicators of compromise that customers can use, getting on to the latest patched level is critical. If a particular device has been identified as vulnerable, I think the reset approach sounds like a reasonable response.

"However, that advice could change pretty quickly, so it's going to require defenders to watch what could be a rapidly evolving threat environment and change with it.

"Another consideration is the link back to SCADA and Modbus, which is particularly worrisome. The Modbus SCADA protocol has been used in millions of critical and industrial devices globally since 1979. The need for separation of IT/OT networks is critical to cyber resiliency.

"When any device is susceptible to compromise, the only effective way to combat the latest attacks is through network segregation. No longer can we afford to keep our critical infrastructure connected to and therefore directly accessible to the Internet.

"VPNFilter proves that time-tested military techniques such as network segregation not only make sense, but are required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks."


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
