Federal Bureau of Investigation warns consumers to reboot routers that may have been hacked


Just last week, the Federal Bureau of Investigation and the Department of Justice announced that thousands of infected home and office routers are under the control of the Sofacy Group, a group that numerous cybersecurity firms say is linked to the Russian military.

"Foreign cyber actors have gotten into hundreds of thousands of wireless routers and they have the potential to obtain a person's information passing through so that is the real threat", Hudson explains.

"The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer".

VPNFilter is malware that targets routers and NAS devices in order to steal files and information and to examine network traffic as it flows through the device.

People should also consider disabling remote-management settings, changing passwords and upgrading to the latest firmware.

Cisco Talos says the known affected devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, though they note their research is still not complete. The FBI says unplugging and rebooting routers should help lessen the impacts of the hack.

Sofacy, also known as APT28 and Fancy Bear, has been blamed for many of the most dramatic Russian hacks, including that of the Democratic National Committee during the 2016 US presidential campaign. The more dangerous stages, two and three, can be removed with a reboot.

So if you're using a newer device, still take the 30 seconds or so to reset, but you may already be in the clear.

The feds are pinning this attack on Fancy Bear, a hacking group also known as APT28 and Sofacy Group, among other monikers.

"These compromised devices on the internet can be used to go after our infrastructure", Colburn said.

On Netgear routers, you have to head to the Advanced tab and click the "reboot" button. The number of devices in homes connected to the internet worldwide stands at 23 billion. Take your router, turn it off, and turn it on again.

"Your router is not like a computer where you have antivirus that can detect that type of malicious code entering the system", said Horacio Maysonet, president and CEO of Cyber Security Solutions.

"I have to say about every 5 minutes someone is trying to attack it using a brute force password attack", McManus said. At issue is a technology called "Wi-Fi Protected Setup" (WPS) that ships with many routers marketed to consumers and small businesses.