sales@siconsult.com

Phone: +44 (0)20 332 70699

Visit Si Engineering

SiConsult Location SiConsult Location SiConsult Location

The Latest Cyber
Intelligence from Si

Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough
Jun2018

Si Cyber Intel: VPN Filter Botnet - How Rebooting Your Router Isn't Enough

Recap: The VPNFilter Botnet is a type of malware that targeted routers and NAS devices in order to steal information, files and observe network traffic through devices in real time. 

Once installed, the malware works in three specific stages:

  • Stage 1: Once installed, the malware will stay present even when users reboot their routers.
  • Stage 2: Attackers work tirelessly executing demands in order to steal sensitive data. At this stage the router interrupts the user’s network connections.
  • Stage 3: This is the final stage where various plugins can be installed into the malware which allows it to monitor or 'sniff' out the data flowing over the network links in real time, watch all SCADA communications and communicate over TOR.

What is interesting is that Stage 1 will run again after the router has been rebooted, but Stage 2 and 3 won't. This is why the FBI put the message out to ask everyone to reboot their routers in order to disable Stage 2 and 3.

So why isn't just rebooting your router enough?

By rebooting your router it will disable the more malicious components of Stages 2 and 3. However, Stage 1 will still be present on the router.

The only way to get rid of the VPNFilter malware is for users to restore their routers back to factory settings. See below steps on how to do this:

  • Reset router back to Factory Settings
  • Upgrade router to the latest firmware software
  • Change admin password
  • Disable remote administration

It is important to note, that even though the above will remove the VPNFilter malware and other current threats in the Cybersecurity world, this will not protect users forever. Cyberattacks are increasing rapidly and attackers are discovering and exposing new vulnerabilities constantly.

For this reason, it is important to continually update and install devices with the latest software updates when available to protect against new threats.

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com

 

All News

Recent Cyber Posts

  • Si Cyber Intel: VSDC Site Compromised Once Again Spreading Information Stealing Malware

    Si Cyber Intel: VSDC Site Compromised Once Again Spreading Information Stealing Malware
    By Si

  • Si Cyber Intel: “Gaza Hackers Team” Launches Malicious Malware

    Si Cyber Intel: “Gaza Hackers Team” Launches Malicious Malware
    By Si

  • Si Cyber Intel: Troldesh Ransomware

    Si Cyber Intel: Troldesh Ransomware
    By Si

  • Si Cyber Intel: StealthWorker Malware Uses Compromised Windows And Linux Computers To Deliver A Series Of Brute Force Attacks

    Si Cyber Intel: StealthWorker Malware Uses Compromised Windows And Linux Computers To Deliver A Series Of Brute Force Attacks
    By Si

  • Si Cyber Intel: Google Moves Away From Password-Based Security As Android Devices Become FIDO2 Certified

    Si Cyber Intel: Google Moves Away From Password-Based Security As Android Devices Become FIDO2 Certified
    By Si

  • Si Cyber Intel: New Initiative Takes Down 100,000 Malware Sites In Just Ten Months

    Si Cyber Intel: New Initiative Takes Down 100,000 Malware Sites In Just Ten Months
    By Si

  • Si Cyber Intel: Major Security Breach Discovered Affecting Airline Travellers Worldwide

    Si Cyber Intel: Major Security Breach Discovered Affecting Airline Travellers Worldwide
    By Si

  • Si Cyber Intel: Emotet – The Rise Of Banking Trojans

    Si Cyber Intel: Emotet – The Rise Of Banking Trojans
    By Si

  • Si Cyber Intel: Gmail – Who’s Reading Your Private Emails?

    Si Cyber Intel: Gmail – Who’s Reading Your Private Emails?
    By Si

  • Si Cyber Intel: Mining Malware Is Still The Dominant Threat In Cybersecurity Landscape

    Si Cyber Intel: Mining Malware Is Still The Dominant Threat In Cybersecurity Landscape
    By Si

"Remcos RAT campaign delivers new variant using AutoIt wrapper http://zSbrIRV1R7"
@SiConsultCyber

"Cybercom publicly posts malware linked to North Korean hackers http://uf44YmQrfh via @TechCrunch"
@SiConsultCyber

"New “Norman” Malware Took Part in Large-Scale Cryptominer Infection http://mSdxgTtf87 via @TripwireInc"
@SiConsultCyber

Register and stay up to date with Si’s Cyber Intelligence

By using this form you agree with the storage and handling of your data by this website.

Interested in our services?

Do you have a question or need more information?

We would like to hear from you! Please complete the form below and a representative from Si will follow up with you as soon as possible.

+44 (0)20 332 70699

sales@siconsult.com

UK

Contact: Chris Cheyne

By using this form you agree with the storage and handling of your data by this website. Please view the terms of our policy here.
Close

Al Barsha Business Point, Office 501, Al Barsha One, P.O. Box 283996, Dubai, UAE

CALL OFFICE EMAIL OFFICE
Close

Greenwich View Pl, Canary Wharf, London E14 9NN

CALL OFFICE EMAIL OFFICE
Close

Supreme Headquarters Building, Office 807-810, Survey No. 36, Pune-Bangalore Highway, Baner, Pune 411045, India

CALL OFFICE EMAIL OFFICE
Close

Office 808, Tower II, The Gate Mall, West Bay, Doha, Qatar, PO Box 14023

CALL OFFICE EMAIL OFFICE

Copyright © 2019 Si Group | All Rights Reserved.

Thank you for your enquiry. We will be in touch shortly.

Thank you for signing up to Si news.

Thank you for your download request. We will email it shortly.

Thank you for your partner registration application. We will be in touch shortly.

Thank you for your enquiry. We will be in touch shortly.

Thank you for your download request. We will email it shortly.

Thank you – your request has been submitted and you will be contacted within 24 hours.

Thank you – your request has been submitted and you will be contacted within 24 hours.

Thank you – your interest in this event has been submitted and you will be contacted within 24 hours.