Tony Su
2018-05-24 16:24:42 UTC
This morning, the security news of the day is...
You can get more breaking news using the search term "vpnfilter" and
omit "vpn filter" results.
Summary
Est >500,000 devices already compromised
Current main attack focus is Ukraine
Almost no attack vector info, except that
- IoT devices with known unpatchable vulnerabilities
- Primarily SOHO Internet routers and MikroTik and QNAP NAS appliances
- 2 stage, the first stage survives reboots, the second stage does not
- Uses image files (no explanation I've seen so far; does this mean
steganography? Text files stored on image sites like Photobucket?)
Article from main Security team working with the US federal government
https://blog.talosintelligence.com/2018/05/VPNFilter.html
Additional info from Cisco/Talos
https://blogs.cisco.com/security/talos/vpnfilter
One posting on how to identify whether you've been hacked (IMO YMMV)
https://a2alert.com/vpnfilter-malware-indicators-compromise/
Although the available information is very sketchy at the moment,
a few important bits of info are:
- Review the security of your edge devices (those exposed to the
Internet), particularly focusing on passwords.
- Change all default passwords on edge devices
- Don't use any easily guessed or commonly used passwords on edge devices.
- Don't forget devices where traffic is forwarded through your
Internet Router to devices like NAS within your network. Those should
be considered exposed as Internet devices as well.
Tony
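The last point in the post above (devices reached through port forwards on the Internet router count as edge devices) is the one most people miss when they only think about the router's own admin password. The script below is an added example, not code from the original post or from Talos: it parses the NAT table of a Linux-based SOHO router in the form `iptables -t nat -S PREROUTING` prints it, and lists every internal host that a WAN-side DNAT rule makes reachable from the Internet, flagging forwards that land on a typical management port. The interface name `eth0`, the set of "management" ports, and the rule lines themselves are constructed assumptions for the example; on a real router you would pipe the live output in.

```python
"""List Internet-exposed internal hosts from a router's DNAT port-forward rules.

Added example for the VPNFilter thread; not code from the original post.
The sample iptables output, the WAN interface name and the management-port
set are constructed assumptions, not data captured from a real device.
"""
import re
import sys
from typing import Dict, List

# Constructed sample of `iptables -t nat -S PREROUTING` on a Linux-based
# SOHO router: three WAN-side forwards plus one LAN-side redirect (br0).
SAMPLE_NAT_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.50:8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.50:22
-A PREROUTING -i eth0 -p udp -m udp --dport 51820 -j DNAT --to-destination 192.168.1.10:51820
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
"""

WAN_IFACE = "eth0"  # assumption: the router's Internet-facing interface

# Assumption: ports that commonly carry a device's admin/management UI or
# shell. A forward onto one of these turns an "internal" NAS into an edge
# device whose login page is on the Internet.
MANAGEMENT_PORTS = {22, 23, 80, 443, 8080, 8443}

# One DNAT rule as printed by `iptables -S`; the `.*?` gaps tolerate extra
# match modules such as `-m tcp` between the fixed fields.
RULE_RE = re.compile(
    r"-A PREROUTING .*?-i (?P<iface>\S+) .*?-p (?P<proto>tcp|udp) "
    r".*?--dport (?P<dport>\d+) .*?-j DNAT "
    r"--to-destination (?P<host>[\d.]+):(?P<port>\d+)"
)


def parse_forwards(rules: str, wan_iface: str = WAN_IFACE) -> List[Dict]:
    """Return one record per DNAT rule that accepts traffic on the WAN interface."""
    forwards = []
    for line in rules.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group("iface") != wan_iface:
            continue  # not a forward, or a LAN-side redirect: not exposed
        port = int(m.group("port"))
        forwards.append({
            "proto": m.group("proto"),
            "wan_port": int(m.group("dport")),
            "host": m.group("host"),
            "port": port,
            "management": port in MANAGEMENT_PORTS,
        })
    return forwards


def exposed_by_host(rules: str, wan_iface: str = WAN_IFACE) -> Dict[str, List[Dict]]:
    """Group the WAN-reachable forwards by internal destination host."""
    by_host: Dict[str, List[Dict]] = {}
    for fwd in parse_forwards(rules, wan_iface):
        by_host.setdefault(fwd["host"], []).append(fwd)
    return by_host


def management_exposures(rules: str, wan_iface: str = WAN_IFACE) -> List[tuple]:
    """(host, port) pairs where a management port is reachable from the WAN."""
    return sorted(
        (f["host"], f["port"]) for f in parse_forwards(rules, wan_iface) if f["management"]
    )


if __name__ == "__main__":
    # Use live output if piped in, otherwise the constructed sample:
    #   iptables -t nat -S PREROUTING | python3 exposed_forwards.py
    rules = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NAT_RULES
    for host, fwds in exposed_by_host(rules).items():
        print(f"{host}: treat as an Internet-exposed device")
        for f in fwds:
            flag = "  <-- management port, check its password/updates" if f["management"] else ""
            print(f"  {f['proto']}/{f['wan_port']} -> {f['host']}:{f['port']}{flag}")
```

Every host the script prints should get the same treatment the post gives the router itself: no default or guessable credentials, firmware at the current version, and the forward removed if nobody remembers why it exists. The regex deliberately ignores rules on the LAN bridge (`br0` in the sample) so that local redirects are not reported as exposures.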
--
KPLUG-***@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list