(RNN) – Russia’s hackers are busy folks.
The FBI and Cisco warned us this week that the hackers have infiltrated 500,000 routers in more than 50 countries across the globe by using a malware system known as VPNFilter.
The compromised routers could be used for lots of things, but the experts believe the malicious software used to hack them is part of a plan for a huge cyber attack on Ukraine.
To torpedo the Russian plot, the FBI got court approval to seize a domain the hacking group was using to coordinate the operation.
The malware program shares code with malware used in previous Russian cyber attacks.
“Defending against this threat is extremely difficult due to the nature of the affected devices,” according to Cisco’s cyber intelligence unit, Talos.
“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”
And most of these routers are older devices that don’t have up-to-date software.
Cisco said none of its networking equipment is infected, but networking equipment from Linksys, MikroTik, NETGEAR and TP-Link is.
- Users reset routers and network-attached storage (NAS) devices to factory defaults and reboot them.
- Internet service providers (ISPs) automatically reboot routers for their customers.
- Users and ISPs update devices with the most recent firmware and software versions.
Still, it may be a losing battle, because preventing future infections on old routers won’t be easy.
“The majority of them are connected directly to the Internet, with no security devices or services between them and the potential attackers,” Cisco said.
“This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch. Additionally, most have no built-in anti-malware capabilities.
“These three facts together make this threat extremely hard to counter, resulting in extremely limited opportunities to interdict malware, remove vulnerabilities, or block threats.”
Copyright 2018 Raycom News Network. All rights reserved.