Steve Smith talks about router malware that is the product of our worst nightmares.
Episode #8-43 released on June 19, 2018
Defaults are our enemy, and when it comes to malware that can infect our routers, this still holds true. Infecting a computer is bad enough, but infecting the gateway of all your traffic can have even worse consequences.
What is VPNFilter and why is it dangerous?
VPNFilter is malware that targets a user's router in a three-stage attack that not only compromises the security of the router but can also compromise security for all users connected to that router at the same time. It uses default user information to install itself and take over operations of the target router in order to begin the process of acquiring the stage 2 and stage 3 payloads.
A compromised router with stage 2 of VPNFilter can use man-in-the-middle attacks to acquire all sorts of information on the user, including usernames and passwords, and can change information on your banking sites, etc. At this point, all of the traffic going into and out of the compromised router is at risk, and because of the way the attack is implemented, sites using SSL/TLS/HTTPS are not secure anymore.
Stage 3 of the virus is the absolute worst, as its payload can lead to the bricking of your router. This means that the expensive piece of hardware sitting on your desk, or on the floor behind some dresser, is at risk of being rendered a paperweight. And, after this point, there is nothing you can do about it, either.
So, what are some ways of mitigating the risks of being infected?
Hopefully, you aren't infected, because detection is near impossible. However, start by changing any default information in your router, like the username and password. The days of secure Wi-Fi and insecure routers ended a long time ago. Admin and Admin username and password combinations are insecure. Use a unique username when possible, and a strong password, too. Make sure you have the latest available firmware installed in your router, as well. And, as a last piece of information, avoid downloading anything from websites you don't know, even if the website clearly shows the HTTPS secure icon, as this can be misleading.
And, to be even safer, go to our source and check to see if your router is part of the list of currently known routers that can be targeted. And I want you to keep this in mind: your router, even if it is not on the list yet, may be next!
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net