At least half a million routers and storage devices in dozens of countries around the world have been infected by a sophisticated botnet, in preparation for an alleged planned cyber attack on Ukraine.
The botnet, which has been given the rather unglamorous name of VPNFilter, is believed likely to be controlled by a state-sponsored hacking group variously known as APT28, Pawn Storm, Sandworm, Fancy Bear and Sofacy.
Cisco Talos researchers have been working with security industry partners and law enforcement for months investigating the botnet, which, like the infamous Mirai botnet, focuses its attention on hijacking IoT devices like routers and network-attached storage (NAS) devices rather than regular PCs.
Although the investigation is not yet complete, the researchers decided to go public with their findings after uncovering evidence that an imminent cyber attack against Ukrainian infrastructure might be in preparation.
For its part, Ukraine’s state security agency has claimed that the report suggests that Russia was planning a major cyber attack ahead of the UEFA Champions League football final, due to take place at the NSC Olimpiyskiy Stadium in Kiev on Saturday.
So, should you be concerned if you aren’t based in Ukraine? Well, of course you should!
Even if you aren’t in imminent danger of being targeted by the botnet itself, you certainly don’t want to be part of the problem. Everybody who is on the internet should play their part in ensuring that the internet stays as safe as possible – and that means not contributing to the problem.
If you follow basic security hygiene, it’s not hard to protect your own IoT devices, but if you don’t, you are making things more dangerous for everybody else on the internet.
So far VPNFilter has been seen affecting small office/home office routers from Linksys, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/vpnfilter-botnet-has-hacked-500000-routers-reboot-and-patch-now/