VPN Filter


This week’s technology topic is a quick Q&A with The IT Company’s own Kyle Kelley. We asked him to help our readers better understand a form of malware known as VPN Filter.

What is VPN Filter? 

VPN Filter is a form of malware that affects the operating system of many consumer routers and wireless access points. Kind of like how your computer runs Windows or macOS, and your phone runs iOS or Android, network devices like your home router run a specialized OS. One common OS is called BusyBox Linux, and it is the one that is the target for this malware.

What does it do? 

While malware is much more common on PCs and phones, it’s possible for network devices to have malware as well. Researchers are still a little unsure of how it has been installed initially, but once it’s installed, an attacker can take control of the router and interfere with or stop network access, or potentially steal information.

What are the effects of VPN Filter? 

If you browse the internet while connected to an infected device, it’s possible for an attacker to monitor what you are doing, potentially even stealing credentials or personal information. One strain of the malware is focused on SCADA systems, which is the control language for industrial systems. So this variant could potentially impact systems like heavy equipment or power grids. However, there haven’t been any reports of this actually happening.

How can you protect yourself against it? 

Cisco Talos, the security research team that first discovered it, has posted a list of affected devices.  If you have one of these devices on your home network, then you need to perform the following steps: 

  1. Perform a factory reset of the device.  Usually there is a small button on the device that can be pressed with a paperclip to perform this. 
  2. Update the firmware on the device to the latest version. 
  3. Re-configure the device for your network, and be sure to change any default passwords for the device or wireless networks. 

If you have one of these devices on your business network, you need to check with your IT provider first before performing these steps to stop the immediate threat. Then you should see about replacing the device with a business-class firewall.

How does The IT Company protect people against it?  

Most of the network devices affected are what are known as SOHO, or Small Office/Home Office, devices. These devices are cost-effective and great for home use. In fact, I have one of the affected models in my house. However, for our customer networks we only use business/enterprise-class firewalls that are automatically updated to the latest firmware versions to protect from attacks like this. Additionally, most of our customers have security monitoring systems that help detect if any devices on a customer’s network are currently infected with any form of malware like VPN Filter.

At The IT Company, we take your security very seriously. Our experts, such as Kyle, are consistently looking for ways to help you prevent the negative ramifications of malware like those posed by VPN Filter.