Last week in our blog we discussed VPNFilter and the FBI's request that everyone reboot their router. I suggested we all need to update the firmware on anything exposed to the Internet, such as routers and network-attached storage.
The Talos Blog (from Cisco’s threat research group) reveals this week that more devices from more manufacturers are vulnerable. I’ll update the device list (see below) from the latest list posted on their blog yesterday.
Please take our advice, update your router’s firmware today.
Do you know how to update your router’s firmware?
If you answered no, we advise you to figure it out today. If you don’t know what we are talking about or need help, drop a comment, email, or ring our bell — call us.
The Talos update concluded:
These new discoveries have shown us that the threat from VPNFilter continues to grow. In addition to the broader threat surface found with additional targeted devices and vendors, the discovery of the malware’s capability to support the exploitation of endpoint devices expands the scope of this threat beyond the devices themselves, and into the networks those devices support. If successful, the actor would be able to deploy any desired additional capability into the environment to support their goals, including rootkits, exfiltration capability and destructive malware.
Is your device listed below?
Known Affected Devices
The following devices are known to be affected by this threat. Based on the scale of this research, much of our observations are remote and not on the device, so it is difficult to determine specific version numbers and models in many cases.
Given our observations with this threat, we assess that this list may still be incomplete and other devices may be affected.
RB Groove (new)
RB Omnitik (new)
Other QNAP NAS devices running QTS software
PBE M5 (new)
Unknown Models* (new)
ZXHN H108N (new)
* Malware targeting Upvel as a vendor has been discovered, but we are unable to determine which specific device it is targeting.
We hope your devices aren’t on the list. But who knows what other devices have been compromised and have yet to be discovered by security researchers? VPNFilter is a threat to you and your network. The threat is growing according to those in the know.
Now that you know it is a growing threat to you and your network, what are you going to do?