Is Your Router at Risk?


Internet access is easily among the most important necessities in your home — next to a roof over your head, food in your pantry and clean water from the tap, of course. Thus, you should do everything in your power to ensure that your internet access remains strong and uninterrupted, but more pressingly, it means that you should work to keep your internet service safe.

Unfortunately, there are millions of reasons your internet access might be less than secure, and the most recent reason is your router. Indeed, the very device that offers wireless internet around your home could be hacking your devices and stealing your data. Here’s what you need to know about the latest and greatest malware — that has already infected as many as 1 million routers worldwide — so you can stay connected to the internet and stay safe.

The What’s, Where’s, How’s and Why’s of VPNFilter

VPNFilter is the name given to the most recent threat lurking online. The malware targets and infects routers rather than computers or smartphones because routers are often much less protected. In fact, many users do not touch their routers’ security, which is much of the problem. VPNFilter works by cracking default passwords on popular routers and using that information to infiltrate and infect hordes of devices. If you have one of a handful of older Linksys, Mikrotik, Netgear, QNAP or TP-Link router models, you might be particularly interested in understanding more about what VPNFilter does and where it came from.

Because your router fields all network traffic, it has a significant amount of authority in your home — so it can wreak unprecedented havoc when corrupted. A compromised router can collect and block network traffic, potentially stealing personal information or preventing users from accessing tools to rid themselves of infection. Worse, attackers could also disable the router, transforming it into an exceedingly expensive brick, and worst of all, attackers could use the masses of devices to launch further attacks, potentially disrupting major networks. Unfortunately, given what experts know about the source of the malware, the latter option seems most likely.

The FBI is nearly certain that VPNFilter was developed by Fancy Bear, a Russian cyberespionage group closely associated with the Russian military. Though between 500,000 and 1 million routers have been compromised around the world, the vast majority of attacks have focused on devices in Ukraine — which makes sense considering Russia’s interest in wresting control of Ukrainian territories. Still, even if you don’t live in Ukraine, your router is at risk, so you should understand how best to protect your device.

 Your Best Chances to Avoid Infection and Infiltration

Typically, once a malware has been identified, developers can immediately develop a patch and prevent further outbreaks — but such is not the case with VPNFilter. In fact, even the greatest infosec professionals aren’t certain how to eradicate VPNFilter.

On May 25, the FBI urgently called for users to download the latest updates and patches and then reset their routers using manufacturer instructions. At first, it seemed that this eliminated critical elements of the malware from infected machines, but upon later inspection, it only restarted the infection at Stage 1, merely slowing the spread of the virus.

Until authorities gain more information about VPNFilter’s functions and intentions, you should do your utmost to keep your devices safe. If you haven’t already, you should change your router’s admin credentials from the factory defaults. You can usually do this by connecting a computer to your router via ethernet cable and entering your router’s IP address in any browser. You should strive to make a username and password that balances strength and memorability, but merely deviating from the default should be enough to protect you from VPNFilter.

Then, you should work to protect all your other devices. Because no one is quite sure how VPNFilter spreads, you should lock down your devices with the best internet protection available. Appropriate security tools will scan webpages and downloads for corruption and quarantine suspicious code before it can act, helping your whole network stay safe. You should also revisit admin credentials on your devices to ensure your usernames and passwords are not easily guessed (i.e. not “1234” or “password”).

VPNFilter is a threat to international cybersecurity, but to most consumers, it is merely a single drop in the ocean of potentially disastrous malware. While you should stay up-to-date on the developments of VPNFilter investigations, you should also keep your devices safe from older risks by utilizing strong, stable security strategies.