VPN Filter is malware associated with a group of hackers believed to be connected to the Russian military, according to the Federal Bureau of Investigation. The bureau said that the malware can affect Internet users, including residential subscribers.
Based on a review by Talos Intelligence, a security group at Cisco, VPN Filter has affected at least 500,000 devices in at least 54 countries worldwide. The malware works in a multi-stage process to conduct destructive cyber attacks. Stage 1 of the malware keeps its presence on devices linked to Internet-of-Things networks even after the router has been rebooted, which sets it apart from other malware. During this stage, the malware needs to establish a foothold to progress.
Once it has successfully reached stage 2, the malware can collect data from affected devices. It can retrieve data files, execute commands, and even take over device management. Some versions of VPN Filter include a self-destruct function that overwrites a crucial part of the device's firmware to render it useless; this function can be activated once the infection has reached stage 2.
Fortunately, there is a simple way to prevent such a perilous infection in IoT devices. According to the FBI and Talos Intelligence, restarting the network router can destabilize the malware's foothold during a stage 2 infection. Home Internet users and owners of small offices should reboot their routers often. The reboot temporarily disrupts the malware's connection.
In addition, Internet users who use Remote Management Settings should disable that feature on their devices and create a strong password to increase the security level of connected devices. The firmware of the router and other network devices must be kept updated as well. Certain firmware updates may contain the patches needed to obstruct malware infections and cyber attacks.