sales@siconsult.com

Phone: +44 (0)20 332 70699

Visit Si Engineering

SiConsult Location SiConsult Location SiConsult Location

The Latest Cyber
Intelligence from Si

Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough
Jun2018

Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough

Recap: The VPNFilter Botnet is a type of malware that targeted routers and NAS devices in order to steal information, files and observe network traffic through devices in real time. 

Once installed, the malware works in three specific stages:

  • Stage 1: Once installed, the malware will stay present even when users reboot their routers.
  • Stage 2: Attackers work tirelessly executing demands in order to steal sensitive data. At this stage the router interrupts the user’s network connections.
  • Stage 3: This is the final stage where various plugins can be installed into the malware which allows it to monitor or 'sniff' out the data flowing over the network links in real time, watch all SCADA communications and communicate over TOR.

What is interesting is that Stage 1 will run again after the router has been rebooted, but Stage 2 and 3 won't. This is why the FBI put the message out to ask everyone to reboot their routers in order to disable Stage 2 and 3.

So why isn't just rebooting your router enough?

By rebooting your router it will disable the more malicious components of Stages 2 and 3. However, Stage 1 will still be present on the router.

The only way to get rid of the VPNFilter malware is for users to restore their routers back to factory settings. See below steps on how to do this:

  • Reset router back to Factory Settings
  • Upgrade router to the latest firmware software
  • Change admin password
  • Disable remote administration

It is important to note, that even though the above will remove the VPNFilter malware and other current threats in the Cybersecurity world, this will not protect users forever. Cyberattacks are increasing rapidly and attackers are discovering and exposing new vulnerabilities constantly.

For this reason, it is important to continually update and install devices with the latest software updates when available to protect against new threats.

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com

 

All News

Recent Cyber Posts

  • Si Cyber Intel: Threat Actor “Hackyboy” Targets Financial Organisations

    Si Cyber Intel: Threat Actor “Hackyboy” Targets Financial Organisations
    By Si

  • Si Cyber Intel: Emotet – The Rise Of Banking Trojans

    Si Cyber Intel: Emotet – The Rise Of Banking Trojans
    By Si

  • Si Cyber Intel: Gmail – Who’s Reading Your Private Emails?

    Si Cyber Intel: Gmail – Who’s Reading Your Private Emails?
    By Si

  • Si Cyber Intel: Mining Malware Is Still The Dominant Threat In Cybersecurity Landscape

    Si Cyber Intel: Mining Malware Is Still The Dominant Threat In Cybersecurity Landscape
    By Si

  • Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough

    Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough
    By Si

  • Si Cyber Intel: Malicious Banking Trojan, Roaming Mantis, Is Back

    Si Cyber Intel: Malicious Banking Trojan, Roaming Mantis, Is Back
    By Si

  • Si Cyber Intel: FacexWorm – Aggressive Malware Spreading Through Facebook Messenger

    Si Cyber Intel: FacexWorm – Aggressive Malware Spreading Through Facebook Messenger
    By Si

  • Si Cyber Intel: Android-based Malware ‘ZooPark’ Targets Victims Across The Middle East

    Si Cyber Intel: Android-based Malware ‘ZooPark’ Targets Victims Across The Middle East
    By Si

  • India: Si Launches New SOC In Pune, India

    India: Si Launches New SOC In Pune, India
    By Si

  • UK: Si Wins SIEM As A Service Contract For Major Housing Association

    UK: Si Wins SIEM As A Service Contract For Major Housing Association
    By Si

"RT @ForensicsCorp: Users' name, birth date, email address, work history and other information were exposed for nearly a week in November, G…"
@SiConsultCyber

"RT @MalwareJake: Yesterday, Microsoft announced there's a remotely exploitable heap overflow in MS DNS on Server 2012R2 and later. Infosec,…"
@SiConsultCyber

"TA505 cyber criminals create new campaign targeting users via distributing weaponized MS word documents:… http://5aNlBRKs0A"
@SiConsultCyber

Register and stay up to date with Si’s Cyber Intelligence

By using this form you agree with the storage and handling of your data by this website.

Interested in our services?

Do you have a question or need more information?

We would like to hear from you! Please complete the form below and a representative from Si will follow up with you as soon as possible.

+44 (0)20 332 70699

sales@siconsult.com

UK

Contact: Chris Cheyne

By using this form you agree with the storage and handling of your data by this website. Please view the terms of our policy here.
Close

Al Barsha Business Point, Office 501, Al Barsha One, P.O. Box 283996, Dubai, UAE

CALL OFFICE EMAIL OFFICE
Close

1st Floor, 6 Bevis Marks, London, EC3A 7BA

CALL OFFICE EMAIL OFFICE
Close

Supreme Headquarters Building, Office 807-810, Survey No. 36, Pune-Bangalore Highway, Baner, Pune 411045, India

CALL OFFICE EMAIL OFFICE
Close

Office 808, Tower II, The Gate Mall, West Bay, Doha, Qatar, PO Box 14023

CALL OFFICE EMAIL OFFICE

Copyright © 2018 Si Group | All Rights Reserved.

Thank you for your enquiry. We will be in touch shortly.

Thank you for signing up to Si news.

Thank you for your download request. We will email it shortly.

Thank you for your partner registration application. We will be in touch shortly.

Thank you for your enquiry. We will be in touch shortly.

Thank you for your download request. We will email it shortly.

Thank you – your request has been submitted and you will be contacted within 24 hours.

Thank you – your request has been submitted and you will be contacted within 24 hours.

Thank you – your interest in this event has been submitted and you will be contacted within 24 hours.