Unlike most other malware that targets internet-of-things (IoT) devices, the first stage of VPNFilter persists through a reboot, gaining a persistent foothold on the infected device and enabling the deployment of the second-stage malware.

VPNFilter is named after a directory (/var/run/vpnfilterw) the malware creates to hide its files on an infected device.

Instead, the malware targets devices that are still exposed to well-known, public vulnerabilities or that have default credentials, making compromise relatively straightforward.

Talos researchers have high confidence that the Russian government is behind VPNFilter because the malware code overlaps with versions of BlackEnergy—the malware responsible for multiple large-scale attacks targeting devices in Ukraine that the U.S. government has attributed to Russia.

You need to be more vigilant about the security of your smart IoT devices. To protect yourself against such malware attacks, change the default credentials for your device.

If your router is vulnerable by default and cannot be updated, throw it away and buy a new one. It's that simple. Your security and privacy are worth more than a router's price.

Moreover, always put your routers behind a firewall, and turn off remote administration unless you really need it.
