Duck, cover, and reboot your router? Why the FBI’s new warning is no joke

the fbi wants you to reboot your router insecure getty
Casezy/Getty Images

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Last week, the FBI released a statement that shocked many — reset your home or office router immediately upon threat of cyberattack. To throw some additional urgency to the matter, the threat was traced back directly to a group connected to the Russian government.

It sounds like an easy fix for a major threat, but is resetting your router really going to prevent a major cyberattack?

Does rebooting really help?

Vulnerabilities in routers can be a huge problem, but rebooting the router flushes the short-term memory, and most attacks with it. However, there’s reason to think the recent scare won’t be so easy to solve.

cryptojacking is the new ransomware that a good thing liviu arsene bitdefender portrait
Bitdefender Senior E-threat Analyst, Liviu Arsene. Bitdefender

According to the FBI, a specific kind of malware called VPNFilter was used, which infected the firmware of routers across the world. The FBI’s statement didn’t much detail as to whether this multi-stage malware might survive the suggested reboot, and that raised the alert of the cybersecurity expert we spoke to.

“Until now, we haven’t seen malware on IoT that could survive the reboot,” said Liviu Arsene, senior analyst at BitDefender. “If this malware survives the reboot, it’s a pretty big deal.”

The malware exists in three stages, the second and third of which aren’t persistent — meaning a reboot will mitigate the problem. The problem is the initial stage.

“They do say that the main purpose of stage one is to gain a persistent foothold in enabling the deployment of malware,” Arsene said. “The FBI did say that you need to reboot your devices to flush out any connection. But they did not say if the firmware is effective or if after rebooting, you’re vulnerable or not. They didn’t say if the malware survives and attempts to dial back home.”

The piece of hostile code allows the hackers to automate and control physical systems.

A follow-up statement from the Justice Department provided some clarity, saying that a reboot would eliminate second-stage malware and cause first-stage “to call out for instructions.” The statement continued, saying that while devices will remain vulnerable to reinfection, “these efforts maximize opportunities to identify and remediate the infection worldwide.”

Because it’s unknown how the routers were even infected to begin with, it’s also unknown whether a reboot or factory reset would do the trick. If VPNFilter turns out to exist beyond a reboot, this is a breed of malware that we haven’t seen before — and one that will be much more difficult to stamp out.

Why is VPNFilter so serious?

There’s another reason why VPNFilter is serious enough to merit an FBI warning.

“The big deal is that for the code these analysts found in VPNFilter have overlapped with some other threats that was used a couple of years ago in Ukraine with the cyberattack that took down their power grid,” said Arsene. “Once you see that, it’s usually a pretty good sign that that botnet is going to be used. When you compare that with the code that was previously used to attack Ukraine, the most obvious conclusion is that they’re gonna use this botnet to attack some other critical infrastructure.”

The cyberattack on the Ukraine in December of 2016 wasn’t a great disaster. The power went out for around an hour at midnight in the capital city of Kiev. By morning, most people hadn’t noticed it occurred.

“Router companies need to pay more attention to the security aspects of their firmware.”

Upon digging into the incident, however, researchers discovered a more frightening potential under the surface. Security firms ESET and Dragos Inc. concluded the hackers were only testing their possibly world-shaking malware. The piece of hostile code used allows hackers to automate and control physical systems (such as the power grid). That’s not good.

The same code was also famously used in Stuxnet, a worm which is believed to have damaged Iranian nuclear systems around 2010. The prospect of that code appearing in an attack on 500,000 routers is troubling to anyone worried about cybersecurity. That’s likely why the FBI went public with its findings.

How can you secure your router?

“Router companies need to pay more attention to the security aspects of their firmware,” said Arsene. “This is not the first time we’ve seen routers with backdoors, with vulnerabilities, or open Telnets ports that are accessible from anywhere you are on the internet.”

Router companies don’t have the best reputation for cybersecurity. Many leave firmware updates up to the individual user, and router security isn’t easy to understand. “Whenever someone buys a router or any other IoT device they simply plug it into their network,” Arsene said. “They don’t usually take time to change default extensions. Whenever you have a router with default credentials connecting to the internet, you’re kind of asking for it. Security should start with your router.”

BitDefender has a new product called Box that gives you a clear view of all of the smart devices in your network — and where the vulnerabilities are. While it’s a good solution for the tech-savvy among us, the average person doesn’t care enough about personal cybersecurity to invest in such a product. Arsene insisted that the largest vulnerability is the lack of awareness among the average person.

“People usually enable remote management so that they can dial in from work or from wherever you are. It is a big issue, especially if the router has hard-coded credentials or default passwords. You should disable remote access if you don’t use it. You should disable telnet if you don’t use it. You should disable SSH if you don’t use it. You should update the firmware as often possible and change default credentials. But how many people do that? Outside of tech savvy people, it doesn’t happen. My parents don’t do it.”

Now you know. Router security isn’t fun – but if it’s serious enough for the FBI to issue warnings, it’s serious enough to be worth your time.

Computing

Could the next Microsoft HoloLens be announced at MWC 2019?

After not having a presence at Mobile World Congress for three years, Microsoft is now sending out media invites for a press conference on February 24 during the annual event in Barcelona. Could a next-generation HoloLens be on the way?
Mobile

Android vs. iOS: Which smartphone platform is the best?

If you’re trying to choose a new phone and you’re not sure about the merits and pitfalls of the leading smartphone operating systems, then come on in for a detailed breakdown as we pit Android vs. iOS in various categories.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Gaming

Having problems with your Xbox One console? We have the solutions

The Xbox One has evolved over the years, but so have its problems. Thankfully, we have solutions for some of the console's most enduring problems, whether you're experiencing issues with connectivity or your discs.
Computing

Microsoft to separate Cortana from search with the next version of Windows 10

Changes are on the way for two key features in Windows 10. A separation of Windows 10 search and Cortana will allow Microsoft to more often innovate on each of the features independently.
Computing

Nvidia’s next midrange card might be a GTX 1660 Ti, rumors suggest

Nvidia may be working on a non-RTX Turing graphics card called the 1660 Ti. Rumors suggest it will have around 20 percent fewer CUDA cores than the RTX 2060 and will lack ray tracing support.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Convert your PDFs into convenient Word documents with Adobe or a free option

PDF files are great, but few document types are as malleable as those specific to Microsoft Word. Here's how to convert a PDF file into a Word document, whether you prefer to use Adobe's software suite or a freemium alternative.
Deals

From Samsung to HP, here are the best cheap Chromebook deals right now

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- with most…
Computing

Chromebook 13 vs. Google Pixelbook: Acer model takes on the king

Acer's Chromebook 13 is throwing tons of speed at the Chrome OS market, to go with a midrange build and traditional clamshell design. Is that enough to challenge the Google Pixelbook?
Computing

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.
Computing

Dell teases new XPS laptop with Intel’s 10th-gen Ice Lake for summer 2019

After teasing a mysterious Ice Lake-powered XPS laptop during Intel's keynote, Dell confirmed that it will announce a new 10th-generation Ice Lake-powered XPS laptop this year. The new XPS notebook could debut as early as summer.
Computing

Faster new PCIe 5.0 standard leapfrogs the best feature of AMD’s Ryzen 3

PCIe 5.0 will bring even faster data transfers, but it may only be found on HPCs and servers initially. The standard is four times faster than your current PC at transferring data, and new devices could appear later this year.