Improving your Network’s Security against Online Malware

Contrary to popular belief, cyberattackers do not exclusively focus on breaching large corporations. Instead, The United States Computer Emergency Readiness Team (US-CERT) stresses that most malware attacks are indiscriminate in their target selection, and are just as likely to affect home or small business networks as large businesses. Therefore, an organization of any size is vulnerable to malicious software as long as it has computers that are connected to the internet.

One of the most recently discovered threats that has affected more than 500,000 routers is called “VPNFilter”. American networking hardware manufacturer Cisco has stated that routers developed by Linksys, NETGEAR, QNAP, TP-Link, and MikroTik are vulnerable to the new malware. This new malicious software is capable of destabilizing the firmware of your router and exploiting security vulnerabilities to steal sensitive information, such as website login credentials.

Cisco has reported that “VPNFilter” uses a three stage process to gain access to your router’s information. Firstly, stage 1 involves the malware finding out the ip address attached to the server, and rooting itself into the router. After successfully gaining traction, the malware initializes stages 2 and 3 of its operations. Stage 2 allows attackers to gather information from the server, as well as destabilize the firmware of the router using “self-destruct protocols”. Finally, stage 3 allows attackers to gather further traffic information such as website login information.

Cisco has outlined recommended strategies to counter “VPNFilter”. Firstly, rebooting your router can remove stage 2 and 3 of the malware from your router, and inhibits further data collection temporarily. However, this does not remove stage 1 of the malware, meaning that it will still be rooted within your device. Therefore they warn that the malware will still be able to reinitialize its stage 2 and 3 protocols after a router reboot. To fully remove the malware from your router, Cisco states that you must fully factory reset the device, restoring it to its factory settings.

The 2017 Mirai Malware

One common aspect shared by many devices infected by the VPNFilter is the fact that owners of these devices did not change the default login information of their routers, causing them to be much more vulnerable to attack.

A similar incident occurred in 2017, when the malicious software “Mirai” infected thousands of routers which still had default login credentials. These infected devices were then used to target the DNS provider “Dyn” with DDoS attacks, and managed to disturb the functioning of many enormous websites such as Paypal and Twitter.

However, “VPNFilter” and “Mirai” are only the latest of many malicious software. In light of this, here are some general best practices to protect your servers and computers from online attack.

Firstly, do not leave your router settings on default. These are often designed to be overly lenient to convenience the end-user. However, default settings can often increase vulnerability to online malware and cyberattacks. In particular, the setting “remote management”, which allows users to change the settings of the device from a remote location such as a computer on the network, is often turned on by default on many routers. However this is a major vulnerability that could be abused by cyberattackers. Therefore always ensure to turn off this setting after initial device setup.

Constantly check for software updates for your computer. These do not just contain bug fixes, but often also contain important security updates to protect your computer from newly discovered malicious software.

Download and constantly update antivirus software from a reputable developer, to ensure that your network has protection against online malware. Furthermore, ensure that firewalls are activated on all your computers connected to the internet. Firewalls constantly filter internet usage and traffic based on existing databases of dangerous software, and can be essential to protecting yourself against malicious or suspicious websites.

Finally, ensure to backup all important data, whether in a company or home setting. Despite following all these precautions, any computer connected to the internet will still be inherently vulnerable to cyberattacks and malware. Therefore, always keep encrypted backup copies of important or sensitive data. This will not only ensure that the information cannot be destroyed, but that it will also be inaccessible to an attacker who has not gained possession of an encryption key.

For more information or assistance on how to protect your network, contact us at +1 (888) 366-4443.