Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Duck, cover, and reboot your router? Why the FBI’s new warning is no joke

Casezy/Getty Images

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Last week, the FBI released a statement that shocked many — reset your home or office router immediately upon threat of cyberattack. To throw some additional urgency to the matter, the threat was traced back directly to a group connected to the Russian government.

It sounds like an easy fix for a major threat, but is resetting your router really going to prevent a major cyberattack?

Does rebooting really help?

Vulnerabilities in routers can be a huge problem, but rebooting the router flushes the short-term memory, and most attacks with it. However, there’s reason to think the recent scare won’t be so easy to solve.

Bitdefender Senior E-threat Analyst, Liviu Arsene. Bitdefender

According to the FBI, a specific kind of malware called VPNFilter was used, which infected the firmware of routers across the world. The FBI’s statement didn’t much detail as to whether this multi-stage malware might survive the suggested reboot, and that raised the alert of the cybersecurity expert we spoke to.

“Until now, we haven’t seen malware on IoT that could survive the reboot,” said Liviu Arsene, senior analyst at BitDefender. “If this malware survives the reboot, it’s a pretty big deal.”

The malware exists in three stages, the second and third of which aren’t persistent — meaning a reboot will mitigate the problem. The problem is the initial stage.

“They do say that the main purpose of stage one is to gain a persistent foothold in enabling the deployment of malware,” Arsene said. “The FBI did say that you need to reboot your devices to flush out any connection. But they did not say if the firmware is effective or if after rebooting, you’re vulnerable or not. They didn’t say if the malware survives and attempts to dial back home.”

The piece of hostile code allows the hackers to automate and control physical systems.

A follow-up statement from the Justice Department provided some clarity, saying that a reboot would eliminate second-stage malware and cause first-stage “to call out for instructions.” The statement continued, saying that while devices will remain vulnerable to reinfection, “these efforts maximize opportunities to identify and remediate the infection worldwide.”

Because it’s unknown how the routers were even infected to begin with, it’s also unknown whether a reboot or factory reset would do the trick. If VPNFilter turns out to exist beyond a reboot, this is a breed of malware that we haven’t seen before — and one that will be much more difficult to stamp out.

Why is VPNFilter so serious?

There’s another reason why VPNFilter is serious enough to merit an FBI warning.

Stuxnet: Anatomy of a Computer Virus

“The big deal is that for the code these analysts found in VPNFilter have overlapped with some other threats that was used a couple of years ago in Ukraine with the cyberattack that took down their power grid,” said Arsene. “Once you see that, it’s usually a pretty good sign that that botnet is going to be used. When you compare that with the code that was previously used to attack Ukraine, the most obvious conclusion is that they’re gonna use this botnet to attack some other critical infrastructure.”

The cyberattack on the Ukraine in December of 2016 wasn’t a great disaster. The power went out for around an hour at midnight in the capital city of Kiev. By morning, most people hadn’t noticed it occurred.

“Router companies need to pay more attention to the security aspects of their firmware.”

Upon digging into the incident, however, researchers discovered a more frightening potential under the surface. Security firms ESET and Dragos Inc. concluded the hackers were only testing their possibly world-shaking malware. The piece of hostile code used allows hackers to automate and control physical systems (such as the power grid). That’s not good.

The same code was also famously used in Stuxnet, a worm which is believed to have damaged Iranian nuclear systems around 2010. The prospect of that code appearing in an attack on 500,000 routers is troubling to anyone worried about cybersecurity. That’s likely why the FBI went public with its findings.

How can you secure your router?

“Router companies need to pay more attention to the security aspects of their firmware,” said Arsene. “This is not the first time we’ve seen routers with backdoors, with vulnerabilities, or open Telnets ports that are accessible from anywhere you are on the internet.”

Router companies don’t have the best reputation for cybersecurity. Many leave firmware updates up to the individual user, and router security isn’t easy to understand. “Whenever someone buys a router or any other IoT device they simply plug it into their network,” Arsene said. “They don’t usually take time to change default extensions. Whenever you have a router with default credentials connecting to the internet, you’re kind of asking for it. Security should start with your router.”

What is Bitdefender BOX?

BitDefender has a new product called Box that gives you a clear view of all of the smart devices in your network — and where the vulnerabilities are. While it’s a good solution for the tech-savvy among us, the average person doesn’t care enough about personal cybersecurity to invest in such a product. Arsene insisted that the largest vulnerability is the lack of awareness among the average person.

“People usually enable remote management so that they can dial in from work or from wherever you are. It is a big issue, especially if the router has hard-coded credentials or default passwords. You should disable remote access if you don’t use it. You should disable telnet if you don’t use it. You should disable SSH if you don’t use it. You should update the firmware as often possible and change default credentials. But how many people do that? Outside of tech savvy people, it doesn’t happen. My parents don’t do it.”

Now you know. Router security isn’t fun – but if it’s serious enough for the FBI to issue warnings, it’s serious enough to be worth your time.

Editors' Recommendations

Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior editor of computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Best tools to stress test your CPU
A CPU cooler installed on a motherboard.

Running a CPU stress test tool is a great way to break in a new processor, test an overclock, see how capable your cooling is, or just make sure your PC is running as well as it should. There are a number of CPU stress tests out there, but we have a few favorites you should check out.

The goal of stress testing is to push the computer to failure. You want to see how long it takes before it becomes unstable. It's usually a good idea to run tests for at least an hour or two, though some can take longer.

Read more
One of Lenovo’s best-selling ThinkPad laptops is 45% off today
Lenovo ThinkPad X1 Carbon Gen 12 front angled view showing display and keyboard.

If you're on browsing through laptop deals for a machine that will immensely help in boosting your productivity, you may want to check out Lenovo's offer for the popular Lenovo ThinkPad X1 Carbon Gen 11. It's a powerful device so its original price is $3,319, but a 45% discount from Lenovo brings it down to a more reasonable $1,825. That's $1,494 in savings that you'll be able to spend on software and accessories, but you're going to have to proceed with the purchase right now if you want to make sure that you get it because this is a clearance sale, so there's no guarantee that stocks will still be available tomorrow.

Why you should buy the Lenovo ThinkPad X1 Carbon
The Lenovo ThinkPad X1 Carbon Gen 11 challenges the performance of the best laptops with its 13th-generation Intel Core i7 processor, integrated Intel Iris Xe Graphics, and 16GB of RAM that our guide on how much RAM do you need says is similar to what you'll find in top-tier machines. The device comes with a 14-inch touchscreen with WUXGA resolution for sharp details and bright colors, a 1TB SSD for ample storage space for your files, and Windows 11 Pro pre-installed so that you can access the more advanced capabilities of the operating system.

Read more
The world’s first 8K mini-LED monitor has arrived
The Asus ProArt PA32KCX 8K mini-LED professional monitor placed on a desk next to a workstation PC.

When it comes to the best professional-grade monitors, resolution, brightness, and color accuracy are all paramount. Asus is aiming to ace all three (and a lot more) with its newly announced ProArt PA32KCX, which is also the world’s first 8K mini-LED professional monitor.

The 8K resolution is the standout spec, of course. The monitor has a resolution of 7680 x 4320 across its 32-inch screen. One of the only other 8K monitors available that you actually buy is the Dell UltraSharp UP3218K, which came out in 2017.

Read more