VPNFilter Router Malware Attack – Is Russia Up to its Common Tactics?

Colleagues, the US FBI and DHS along with the UK’s National Cyber Security Center jointly warned that hackers working on behalf of the Russian government are compromising large numbers of routers, switches, and other network devices . Code-named VPNFilter, this malware has primarily targeted some 500,000 consumer and small business router worldwide … yet with a geographic focus on the Ukraine. Sound suspicious? It contains the RC4 encryption cipher BlackEnergy. BlackEnergy has been used in a variety of attacks tied to the Russian government. The type of devices targeted by this actor are difficult to defend. Most of the impacted routers are on the perimeter of the network with no IPS and commonly without do not have an AV package. Read the Cisco Talos security report by clicking here. So who is behind VPNFilter? CSD supports the Russian origin theory. What about you? Share a comment and subscribe today! Lawrence, Cyber Security Defender (https://cybersecuritydefender.blogspot.com)