Consumer Grade Router Malware
Go West is providing this security alert as a cautionary measure for users with a consumer grade router or network attached storage device at their home or small business. Due to a recent malware attack known as VPNFilter, the FBI and US-CERT are encouraging users with home devices from Linksys, MikroTik, NetGear, TP-Link and QNAP to reboot the device. Users should also ensure device firmware is up-to-date and change passwords on these devices.
What Is It
VPNFilter targets small home and office routers and network attached storage devices. Once infected, the device allows criminals the ability to launch further attacks, collect personal website information, block network traffic, or they can render the device completely unusable.
Official US-CERT alert statement: https://www.us-cert.gov/ncas/alerts/TA18-145A
Manufacturers Linksys, MikroTik, Netgear, QNAP and TP-Link have posted instructions for users to follow to update their device software.
How Does It Impact Me
There is very little risk associated with this malware attack for commercial organizations utilizing business grade devices. However, it is vital that organizations be aware of the vulnerability for remote users connecting from a home office. Those users are more likely to be using a consumer grade router and should follow the recommended procedures.
If you have concerns or questions regarding a potential consumer grade router at your business please reach out to Go West support at firstname.lastname@example.org.