VPNFilter: What Your Business Needs to Know


The number of widespread cyber security issues in the news seems to be growing, doesn’t it? VPNFilter – malware that affects consumer- and small-business-grade routers and other network devices – is just the latest threat to make headlines.

The FBI is advising everyone to restart their home or small business routers to mitigate the effects of VPNFilter. But how does this affect your business? Read on to find out.

What Is VPNFilter?

VPNFilter is the name that researchers have given to malware that was designed—allegedly by Russian state actors—to infect network devices, primarily routers. By infecting routers, the criminals behind the malware are able to spy on internet activity and, more importantly, steal usernames and passwords used to access accounts via the web. Furthermore, researchers have found that VPNFilter also has the ability, when triggered, to render an infected router useless.

Obviously, these features mean that VPNFilter could pose serious security risks for your business if your networking equipment is among the devices affected. Which logically leads to the question . . .

Is My Business Affected?

If you have business-grade network hardware (i.e., the kind of equipment Affinity recommends for our clients), it’s unlikely that your company network is susceptible to VPNFilter. The malware seems to be limited to devices designed for consumer use (i.e., in the home) or for very small businesses. While many have provided lists of all the devices known to be infected – and these lists are worth consulting – a good rule of thumb is that if you bought it from Best Buy, Amazon, or another consumer retailer, it’s likely to be vulnerable.

Still, even if your company has business-grade network hardware, the VPNFilter story is a developing one, and, though highly unlikely, it is possible that this and similar exploits could affect even hardware with enterprise-class safeguards. That’s why regular maintenance and upkeep are essential to ensure that any threats that slip through those safeguards are found and properly mitigated. Ensuring that our clients’ network systems have the latest firmware and updates, alongside routine vulnerability review, is one of our top priorities during our regular technology alignment visits for our Complete Care clients.

Another risk that all businesses should consider is that even if your networking equipment is unaffected by VPNFilter, there is no guarantee that the public and home routers from which your employees access your network or your data are safe. If your workforce accesses company assets remotely (i.e., from a home or public internet connection), your data could be vulnerable, as the routers used to provide the connection may well be infected. The best course of action to mitigate this risk will depend on the sensitivity of the information being accessed remotely, and the priority your business places on remote connectivity. So, this decision would be best dealt with in conversation with an IT professional.

However, there are some basic steps you can encourage remote employees to take to mitigate these risks.

Basic Steps for Mitigation

Per the FBI’s recommendation, it is a good idea for everyone to perform a power-cycle reboot (unplug, wait for 15 seconds, and then plug back in) on their home and small-business routers. If your router is infected, this will disable most (but not all) of the malware’s functionality.

There are, of course, further steps that should be taken, though they may require the services of a technology professional, depending on how comfortable the user is with making administrative changes to their router. Unfortunately, these steps will vary depending on the device in question, but broadly speaking, these actions will help mitigate risk from VPNFilter:

  • Performing a “hard” reset of the device, usually by pressing and holding the recessed “reset” button. Note: Doing this will likely result in the device being reset to factory default settings, which means any custom settings will be lost. This means a hard reset will likely require the user to input settings and to create new login credentials.

  • Updating the device’s firmware.

  • Disabling remote management functionality on the device.

  • Changing the administrator credentials—especially if the factory default credentials are in use.

Again, these steps require some basic technical know-how. So, users may need to seek technical help with performing them.

The Bigger Picture

Attacks like VPNFilter are, unfortunately, a reality that we’re likely to continue to live with. VPNFilter in particular highlights the need for businesses to invest in business-grade hardware that is managed by competent technology professionals. This higher-grade hardware contains better safeguards against malware like VPNFilter, and systems administration services like Affinity’s provide quick mitigation for any threats that do sneak through those safeguards.

If you have questions about your business’s approach to mitigating VPNFilter, or if you’d like to talk about your company’s overall approach toward cyber security, don’t hesitate to contact us.