FBI: Reboot, reset your router immediately to prevent cyberattacks

Russian-linked router malware is much more dangerous than we thought

New VPNFilter malware targets at least 500K networking devices worldwide
Cisco

Following reports that a type of malware has infected more than 700,000 routers used in homes and small businesses in more than 50 countries, the FBI is urging all consumers to reboot their routers. The VPNFilter malware was discovered by Cisco’s security researchers and affects routers made by Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, and ZTE. The U.S. Department of Justice said the authors of the VPNFilter were part of the Sofacy group that answered directly to the Russian government, Reuters reported, and that Ukraine was the likely target of the attack.

“The VPNFilter malware is a multistage, modular platform with versatile capabilities to support both intelligence collection and destructive cyberattack operations,” Cisco said in a report. Because the malware could collect data from the user and even perform a large-scale destructive attack, Cisco recommends that owners of SOHO or network attached storage (NAS) devices be especially cautious with this type of attack. And since it’s unclear how compromised devices were infected in the first place, officials are urging users of all routers and NAS devices to reboot.

This is doubly important now, as further analysis shows that the list of vulnerable hardware is much longer than originally thought. Where 14 device models were said to be vulnerable following the initial announcement, that list has grown to cover tens of devices from a number of manufacturers. This makes as many as 700,000 routers vulnerable around the world and an even greater number of connected users.

Even more problematic is that those affected are vulnerable to a newly discovered element of the malware which allows it to perform a man-in-the-middle attack on incoming traffic that passes through the router. That makes everyone on infected networks susceptible to attack and data theft. The malware module, called “ssler” also actively scans web URLs for sensitive information like login credentials, which can then be sent back to a control server, as per Ars Technica. It does this by actively downgrading protected HTTPS connections into far more readable HTTP traffic.

What’s most striking about this latest discovery, is that it highlights how router owners and connected devices are targets too, not just the potential victims of the botnet that was actively created through the proliferation of this malware.

Regardless, recommendations for securing your own network remain the same.

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices,” FBI officials warned. “Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

There are three stages to VPNFilter — a persistent stage 1 and non-persistent stages 2 and 3. Because of how the malware works, rebooting will clear out stages 2 and 3 and mitigate most problems. The FBI had seized a domain used by the malware’s creator to deliver stages 2 and 3 of the attack. These later stages cannot survive a reboot.

The Justice Department also issued a similar warning, urging users to reboot their routers. “Owners of SOHO and NAS devices that may be infected should reboot their devices as soon as possible, temporarily eliminating the second-stage malware and causing the first-stage malware on their device to call out for instructions,” the department said in a statement. “Although devices will remain vulnerable to reinfection with the second-stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Cisco advised all users to perform a factory reset of their devices, which would clear out even stage 1 of the malware. If you’re unclear on how to perform a factory reset, you should contact the router manufacturer for instructions, but in general, inserting a paper clip into the “reset” button located on the back or bottom of your router and holding it in place for a few seconds will wipe your router. Additional recommendations to mitigate future attacks are also found in Cisco’s report.

Updated on June 6: Added news of newly affected routers and attack vectors.

Photography

A turn for the better: Loupedeck+ adds custom dials, more to Lightroom console

The Loupedeck+ improves on the original Lightroom console by adding welcome customization options and introducing support for Skylum Aurora HDR. What's even better is that it does this all at an even lower price.
Computing

The Andromeda botnet still lingers as nations struggle to clean infected PCs

A report by Fortinet suggests that although the FBI and Europe ended the Andromeda botnet’s reign in late 2017, there are still infected PCs. Cleaning up these PCs isn’t progressing at the same pace across various regions.
Mobile

Google working on quick charging fix for Pixel after Android 9.0 Pie update

Google's Pixel smartphone may be running the latest software, but it still has its fair share of issues. We've rounded up some of the more common Google Pixel problems, along with a few solutions for addressing them.
Product Review

Can a pair of earbuds be worth $2,000? These are so good we'd pay more

Shure’s astronomically priced KSE1500 electrostatic earbuds get a reboot of sorts in the KSE1200, which drop the digital-to-analog converter, but keep all the lovely sound for less cash.
Cars

Head Tesla engineer leaves for Apple to possibly reboot self-driving car

Apple's self-driving car project could get the reboot as a former chief engineer for Tesla Motors left the company to go back to Apple. Doug Field, who worked at Tesla from 2013 until last month, will go back to Apple.
Mobile

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.
Computing

Intel serves up ‘Bean Canyon’ NUCs revved with ‘Coffee Lake’ CPUs

Looking for a super-compact PC for streaming media that doesn’t break the bank? Intel updated its NUC family with its new “Bean Canyon” kits. Currently, there are five with a starting price of $300 packing eighth-generation Intel Core…
Deals

Save hundreds with the best MacBook deals for August 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Computing

Lost without 'Print Screen'? Here's how to take a screenshot on a Chromebook

Chrome OS has a number of built-in screenshot options, and can also be used with Chrome screenshot extensions for added flexibility. You have a lot of options, but learning how to take a screenshot on a Chromebook is easy.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement, or an unwanted trip to your local repair shop.
Computing

Asus claims ‘world’s thinnest’ title with its new Zephyrus S gaming laptop

The Republic of Gamers arm at Asus is claiming “world’s thinnest” with the introduction of its new Zephyrus S gaming laptop measuring just 0.58 inches at its thinnest point. The company also revealed the Strix SCAR II.
Computing

Intel teases new dedicated graphics card slated for 2020 release

Intel has confirmed plans to launch a dedicated graphics card in 2020. Although precious few details exist for the card at this time, it was silhouetted in a recent Intel video showcased at Siggraph 2018.
Computing

AMD Threadripper 2990WX hits 6GHz under liquid nitrogen overclock

AMD's Threadripper 2990WX was already powerful when it debuted with 32 cores and 64 threads, but one overclocker has used liquid nitrogen to push a single core up to 6GHz for a new world record.