VPNFilter malware attack spread gets bigger

On 23 May last month, Cisco's cyber intelligence unit, Talos, disclosed that hackers had infected at least 500,000 networking devices from Linksys, MikroTik, Netgear and TP-Link with the VPNFilter malware, in a campaign spread across 54 countries. Talos has now revealed additional details about the campaign and found that devices from Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE are also targeted.

“The list of makes and models at risk is getting longer. We’d urge users to check to see if their device is being targeted by this bad actor, and take the recommended steps to protect themselves,” said Craig Williams, outreach leader at Cisco Talos.

In the two weeks since sharing its findings on VPNFilter, Cisco Talos has found that the attacker has a way to inject malicious content into web traffic as it passes through an infected network device, without the user’s knowledge. This makes it clear that VPNFilter was meant to leverage the victims’ devices in a much bigger way. “The technical sophistication of this attack is like nothing we’ve ever seen before. The bad guys continue to innovate and iterate using a modular approach. Our research into this shows they can deliver threats to the endpoint and network. Once you can inject code you can quite literally do anything: steal passwords, install software…” said Matt Watchinski, VP at Cisco Talos.

Right now, the number of infected devices appears to remain at 500,000. The advice is the same as when this attack was first discovered: if you own any of the devices at risk, unplug it from the network, restore it to its original factory settings, and immediately install the available security patches.