FBI: Reboot, reset your router immediately to prevent cyberattacks

Russian-linked router malware is much more dangerous than we thought

New VPNFilter malware targets at least 500K networking devices worldwide
Cisco

Following reports that a type of malware has infected more than 700,000 routers used in homes and small businesses in more than 50 countries, the FBI is urging all consumers to reboot their routers. The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE. The U.S. Department of Justice said the authors of the VPNFilter were part of the Sofacy group that answered directly to the Russian government, Reuters reported, and that Ukraine was the likely target of the attack.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations,” Cisco said in a report. Because the malware could collect data from the user and even perform a large-scale destructive attack, Cisco recommends that owners of SOHO or network attached storage (NAS) devices be especially cautious with this type of attack. And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices to reboot.

This is doubly important now, as further analysis shows that the list of vulnerable hardware is much longer than originally thought. Where 14 device models were said to be vulnerable following the initial announcement, that list has grown to cover tens of devices from a number of manufacturers. This makes as many as 700,000 routers vulnerable around the world and an even greater number of connected users.

Even more problematic is that those affected are vulnerable to a newly discovered element of the malware which allows it to perform a man-in-the-middle attack on incoming traffic that passes through the router. That makes everyone on infected networks susceptible to attack and data theft. The malware module, called “ssler” also actively scans web URLs for sensitive information like login credentials, which can then be sent back to a control server, as per Ars Technica. It does this by actively downgrading protected HTTPS connections into far more readable HTTP traffic.

What’s most striking about this latest discovery, is that it highlights how router owners and connected devices are targets too, not just the potential victims of the botnet that was actively created through the proliferation of this malware.

Regardless, recommendations for securing your own network remain the same.

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” FBI officials warned. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

There are three stages to VPNFilter — a persistent stage 1 and non-persistent stages 2 and 3. Because of how the malware works, rebooting will clear out stages 2 and 3 and mitigate most problems. The FBI had seized a domain used by the malware’s creator to deliver stages 2 and 3 of the attack. These later stages cannot survive a reboot.

The Justice Department also issued a similar warning, urging users to reboot their routers. “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second-stage malware and causing the first-stage malware on their device to call out for instructions,” the department said in a statement. “Although devices will remain vulnerable to reinfection with the second-stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general, inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report.

Updated on June 6: Added news of newly affected routers and attack vectors.

Computing

The Surface Centaurus might run Android apps, but is that a good idea?

A new leak hints that Microsoft's rumored Project Centaurus is a dual-screen device that will run Android apps. Is this what Microsoft needs to save its desperately-ignored Windows tablet mode?
Mobile

Hackers conduct prolonged cyberattack against phone network, says security firm

A security company says a prolonged cyberattack against global phone networks, where hackers have apparently collected data related to phone conversations and even the physical location of the device, has taken place.
Mobile

The stand-alone Palm is available for purchase and still costs $350

A reboot of the classic Palm is finally here and it's tiny. It syncs to your phone and acts as a secondary device -- with a feature to help you disconnect from technology. The Palm will be available exclusively through Verizon for $350.
Movies & TV

The best shows on Netflix right now (June 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Photography

Create apocalyptic A.I. world with this camera app that removes people from pics

What would the shots in your camera roll look like without any people? Bye Bye Camera is a new iOS app that uses artificial intelligence to remove all people from the photo., but it's not designed for practical applications.
Computing

A dual-screen device from Microsoft is in the works. Here's what we know so far

Would you be interested in a dual-screen Surface computer? The Surface Centaurus is a Microsoft project working on just that -- and Microsoft already has a prototype. Here's all the important information on Centaurus!
Product Review

The 13-inch Acer Swift 3 struggles to find a place in a very crowded market

Acer’s 13-inch version of the Swift 3 clamshell laptop doesn’t offer much to distinguish itself from a very crowded market. It’s not faster, cheaper, better-built, or more attractive than the competition.
Computing

MacOS Catalina is a worthy update but leaves us worried about the Mac's future

The public beta of Apple’s MacOS Catalina is here, and we’ve got our first impressions of Apple’s latest operating system to see if the new features are worth the hype.
Computing

All the news, rumors and wishes for Microsoft's Surface Book 3

Want to know more about Microsoft's Surface Book 3? Here's what we know about the third-generation Surface Book, including what's likely to change, when it will be released, and more useful information!
Mobile

The best travel power adapters for international jet-setters

We recently tried out several of the best travel adapters on our journeys around the globe, and these are our favorite models so far. If you want to keep your gadgets juiced on the go, then snag one of these.
Photography

After Lightroom and Photoshop, Loupedeck brings tactile edits to Camera RAW

Loupedeck, the photo-editing keyboard, can now work round-trip for editing a photo in Lightroom, Adobe Camera RAW, and Photoshop. The new Camera RAW integration continues to add to the Loupedeck Plus roster of compatible software.
Deals

Pre-Prime Day Deal: Amazon has the best offer on the 13-inch MacBook Pro

Prime Day is less than three weeks away, but we’ve already seen some sweet Apple discounts popping up lately. If you're hungry for a deal before Prime Day, Amazon has the 13.3-inch MacBook Pro on sale right now for a nice $200 discount.
Emerging Tech

A Netflix data scientist taught an A.I. to recognize smooching scenes in movies

A senior data scientist at Netflix has taught an A.I. algorithm to recognize kissing scenes in movies. Here's why it could turn out to be a very useful tool for the future of moviemaking.
Computing

If you can only buy one, should it be the MacBook Pro or the iPad Pro?

If you need a powerful, portable device that can handle any task you throw at it, both the MacBook Pro and iPad Pro fit the bill. But which one is best? We run down the pros and cons of each device to help you decide which one you should…