FBI to America: Reboot Your Routers, Right Now There's a sneaky bit of malware going around.

https://www.popularmechanics.com/technology/security/a20918611/vpnfilter-malware-reboot-router/

The FBI has issued a dire warning to everyone who has a router in their home. The Internet Crime Complaint Center sent a rare Public Service Announcement declaring: "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."

The hackers are using VPNFilter malware to target small office and home office routers, the FBI said. "VPNFilter is able to render small office and home office routers inoperable," the FBI warns. "The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption."

The feds recommends "any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices." They also advise to consider disabling remote management settings on devices, use encryption, upgrade firmer and choose new and different passwords, which is pretty much best practice anyway.

The IC3, formerly known as the Internet Fraud Complaint Center was renamed in October 2003 to include this kind of attack. Their stated mission "is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners."

Today, that means telling you to reboot your router, so hop to it.

snip


FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

Feds warn admins malware is rather tough to destroy

https://www.theregister.co.uk/2018/05/24/fbi_vpnfilter_botnet/

The FBI says it is taking steps to stop the spread of the VPNFilter malware and botnet, warning that it's a national security issue.

The bureau's offensive includes seizing a domain believed to have been used as part of the command and control structure for VPNFilter's 500,000-strong network of infected routers and storage devices.

The FBI also made some interesting revelations about the botnet, including confirming that it was being run by the Russian "Sofacy" or "Fancy Bear" group that has previously carried out international hacking campaigns against the US and other countries on behalf of the Russian government.

Just hours before the FBI announced it had seized the command and control domain, researchers with Cisco's Talos security team publicly announced the discovery of the worm they had described as a "concerning" attack that had already spread to more than half a million devices in 54 countries around the world.

The government echoed that concern in its announcement, acknowledging that VPNFilter is already considered to be a national security concern for the US.

snip