A malicious program has endangered routers around the world.
The Federal Bureau of Investigation of the United States (FBI) warned this Friday that foreign hackers have compromised “hundreds of thousands of home and office routers” with the malware “VPNFilter”, so users must take steps to protect themselves.
“The FBI recommends that any owner of routers in small offices and homes reboot the devices to temporarily disrupt the malware and help with the possible identification of infected devices,” the agency said in a statement and also on its Twitter account (@FBI, May 30, 2018).
Otherwise, users risk having their routers out of operation and losing internet access.
At least 500,000 routers are affected, distributed across 54 countries, according to Cisco's Talos threat intelligence group, which has been investigating the malicious software for months. The list of affected countries has not been disclosed.
“The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link devices in small offices and homes … Our investigation continues,” the company said in a May 23 statement.
Cisco also recommended that users restore their devices to the original factory settings and restart them.
But are these measures enough?
The US Department of Justice attributed the attack to a group known as “Sofacy” (also called “APT28” or “Fancy Bear”, among other names).
Sofacy has existed since 2007 and operates against “governments, armies, security organizations and other targets with some intelligence value,” according to a department statement.
The FBI said that the impact of this malicious software is significant, since it is able to collect the information that passes through the routers and render them inoperable.
Cisco Talos warned that malware “has the potential to cut Internet access to hundreds of thousands of victims around the world.”
The company said the malware was likely “sponsored by or affiliated with a state”, but the results of its investigation “are not definitive in any way”.
The company published the information it had available after detecting a sudden increase in the number of vulnerable routers at the beginning of May, with a particular focus on Ukraine.
“We have observed VPNFilter, a potentially destructive malware, which is affecting Ukrainian devices at an alarming rate,” Cisco Talos said. “The scale and capacity of this operation are worrisome.”
The VPNFilter code shares some similarities with the “BlackEnergy” malware used in attacks on the Ukrainian electricity grid in December 2015.
But this time, the FBI seems to have thwarted the preparations for another assault.
On May 23, a federal judge in Pennsylvania, USA, ordered this government agency to take control of the domain ToKnowAll.com, a website that helped the hackers establish communication with routers infected with the malware.
Infected routers periodically contacted that address to update VPNFilter.
By gaining control of the domain, the FBI has the ability to locate infected devices and clean them.
“This will redirect malware attempts to reinfect the device to an FBI-controlled server, which will capture the address of the infected devices,” the Justice Department said.
Restarting the routers, as requested by the FBI and Cisco, causes the malware to “ask for instructions” from its domain (now controlled by the FBI).
The Department of Justice explained that this measure “maximizes the opportunities to identify and remedy the infection worldwide before Sofacy knows the vulnerability in its infrastructure.”
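As an added illustration, not taken from the article or from any of the agencies it quotes, a defender can check a router's own DNS query log for LAN hosts that tried to resolve the seized domain named above. The log lines below are constructed dnsmasq-style samples, and the regular expression assumes that format.

```python
import re
from collections import defaultdict

# Constructed sample of dnsmasq-style query log lines (not real data): the
# router's resolver records which LAN host asked for which name.
SAMPLE_LOG = """\
May 30 08:01:10 router dnsmasq[412]: query[A] www.example.com from 192.168.1.20
May 30 08:01:12 router dnsmasq[412]: query[A] toknowall.com from 192.168.1.23
May 30 08:02:44 router dnsmasq[412]: query[AAAA] TOKNOWALL.COM from 192.168.1.23
May 30 08:05:03 router dnsmasq[412]: query[A] nottoknowall.com from 192.168.1.31
May 30 08:07:19 router dnsmasq[412]: query[A] cdn.toknowall.com from 192.168.1.40
May 30 08:09:55 router dnsmasq[412]: reply www.example.com is 93.184.216.34
"""

# Domain named in the article as the VPNFilter update domain seized by the FBI.
WATCH_DOMAIN = "toknowall.com"

# Matches only "query[...]" lines: syslog timestamp, host, pid, qtype, name, client.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def matches_domain(name: str, domain: str) -> bool:
    """True if name equals domain or is a subdomain of it (label-aware,
    case-insensitive, so 'nottoknowall.com' does not match)."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def find_clients_querying(log_text: str, domain: str = WATCH_DOMAIN) -> dict:
    """Map each LAN client that resolved the watched domain to a list of
    (timestamp, qtype, queried name) tuples, so the administrator knows
    which device to factory-reset, update and inspect."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # replies and other record types are not queries
        if matches_domain(m["name"], domain):
            hits[m["client"]].append((m["ts"], m["qtype"], m["name"]))
    return dict(hits)

if __name__ == "__main__":
    for client, events in sorted(find_clients_querying(SAMPLE_LOG).items()):
        print(client, "queries:", len(events), "first seen:", events[0][0])
```

On a real router the log format and path depend on the firmware, so adjust the regular expression before running it over actual logs.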