Jump to content

FBI: Reboot your router to help defeat malware attack


Mach1

Recommended Posts

The hacking has been attributed to Fancy Bear, the Russian group that hacked the DNC.

Displayed is a LED-illuminated wireless router in Philadelphia, Sunday, July 27, 2008.  LEDs can be useful indicators of what state a gadget it is in _ or where to find it _ but they also bug people who’d rather not have lights shining in their faces when they’re trying to sleep or watch movies. (AP Photo/Matt Rourke)

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations.

FBI Special Agent in Charge Bob Johnson said: “These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk.”

Start your day with the news you need from the Bay Area and beyond. Sign up for our ew Morning Report weekday newsletter.

Johnson encouraged people and businesses to take several steps: First, reboot the device, which can disrupt the malware if it is present. Second, update network equipment and change passwords — though he cautioned “there is still much to be learned about how this particular threat initially compromises infected routers and other devices.”

In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server.

The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” said Assistant Attorney General for National Security John Demers.

The announcement of law enforcement’s salvo came just hours after cybersecurity researchers from Cisco’s intelligence unit Talos warned that sophisticated hackers had infected at least 500,000 devices in at least 54 countries with the malware dubbed “VPN Filter.”

Much of the attention at first focused on an apparently imminent threat in Ukraine: The malware showed up in devices there at such “an alarming rate” in recent weeks that the researchers believed hackers linked to a state government were preparing an extensive cyberattack on the country, the researchers said. While the researchers themselves did not name Russia, they did say the malware had some of the same hallmarks of recent Russian government-backed hacking campaigns that took out parts of the country’s power grid.

“The code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine,” Talos said in a blog post. The U.S. government and security experts have attributed those attacks to Russia.

The latest campaign fits a pattern of influence operations the Russian government has used in recent years to upend life in Ukraine as part of a strategy to exert influence on the digital stage, said Nina Jankowicz, a fellow at the Wilson Center.

“Ukraine has always been a proving ground for Russian cyberactivity,” she told me. “Russia is asserting its cyber prowess. It wants the United States and the West to know what it’s capable of without having to launch an attack on a Western government, which would draw retribution.”

Yet in this case, it’s not surprising that the threat was a priority for U.S. law enforcement — and not just because Russia has been in the spotlight for its interference campaign in the 2016 election.

Earlier this year, the White House publicly blamed Russia for the NotPetya cyberattack in June 2017, when Russian military hackers shut down networks across Ukraine and wiped data from financial firms, government offices and other institutions around the world. The White House said it was the “most destructive and costly cyberattack in history” and vowed that it would “be met with international consequences.”

Craig Williams, the head of Talos’s security team, told me that under a worst-case scenario, the mass of infected devices was powerful enough to be used to carry out a “potential sequel” to the NotPetya attack.

“We’re rolling right up on the anniversary of that attack,” Williams said. If hundreds of thousands of routers get knocked out simultaneously, he said, “that will have a very similar impact to NotPetya.”

Williams called VPN Filter the “Swiss army knife for malware.” In addition to using it for espionage purposes, the malware has the potential to intercept communications on industrial control systems used throughout the energy sector and by manufacturers, water treatment facilities and other critical infrastructure operators. It also has a destructive capability known as “bricking” that allows the malware to permanently disable any device infected with it.

By infecting consumer wireless routers, hackers were targeting an especially weak link in computer networking, said Michael Daniel, president of the Cyber Threat Alliance, of which Cisco is a member.

It’s “particularly pernicious because it targets the kind of device that’s difficult to defend,” he told me. “They sit on the edge of the network or on the outside of the firewall. They don’t really have antivirus for routers.”

The FBI and the Department of Homeland Security have notified trusted internet service providers of the malware, according to the DOJ. Cisco said users can disable the malware beyond its first stage by rebooting their routers.

source

Link to comment
Share on other sites

  • Replies 7
  • Created
  • Last Reply

[A user commented on another board:  ;)]  "Everything I don't like is a Russian linked bot"     :lol: 

 

 

Link to comment
Share on other sites

 from now on all russia posts ill say russia did it no matter if fake or lies russia did it lets see if this changes things  yes we hacked all things and is going to keep doing it for lifetime if its what u all think ill say it  soon u all see how this end with russia posts

Link to comment
Share on other sites

It has become old and boring, @Knowledge: "‘Blame Russia’ Is Getting Old -- Western voters want policy solutions, not conspiracy theories."

 

Also this 5-year old article is very informative:  "The Drive to Blame Russia"

 

Extracts: 

... Why is Russia always at fault? ...

... This lashing out, however emotionally satisfying, comes at a significant cost. Most damaging, it obscures the extent to which Americans create their own problems and shifts attention from what they can and should do to overcome them — whether it’s protecting national secrets from the likes of a Edward Snowden or developing and executing a consistent, intelligible policy toward Syria and Iran...

... None of this means that the United States should not criticize Russia. But it should do so only when the link between Russia and whatever issue arises is clear and significant — and when American steps are likely to induce changes in Russia’s behavior that advance concrete goals...

 

Caution, however:  It's much easy to go by propaganda rather than the difficult and time consuming process of being well informed and making up one's own mind -- on each individual issue:(

 

Yes, this posts borders on politics, but is nsaneforums itself free of politics?  Are software applications and services free of politics?  What human activity is free of politics?

 

Thank you.   :flowers:

 

Link to comment
Share on other sites

 i wait and read all russia post but never show real proof  y as no proof just things people think  show real proof

   russia hacked dnc it was not a hack so its a lie from the start

Link to comment
Share on other sites

 funny

 

The hacking has been attributed to Fancy Bear, the Russian group that hacked the DNC.

Displayed is a LED-illuminated wireless router in Philadelphia, Sunday, July 27, 2008. LEDs can be useful indicators of what state a gadget it is in _ or where to find it _ but they also bug people who’d rather not have lights shining in their faces when they’re trying to sleep or watch movies. (AP Photo/Matt Rourke)

U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. 

 but they say can stop it with a users can disable the malware beyond its first stage by rebooting their routers.  so y fbi wants to seize control of a network of hundreds of thousands of wireless routers ?

Link to comment
Share on other sites

14 minutes ago, knowledge said:

"Blank" wants to seize control of a network of hundreds of thousands of wireless routers

Substitute "blank" whatever you believe.  ;)

 

I'd start with "The Martians want to seize ...  routers."  

 

:lol:

Link to comment
Share on other sites

The third recommended change after rebooting and changing the password is to disable WAN access to the router.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...