SOHO routers – risky business indeed. Replace or upgrade now.

Talos Intelligence released a fascinating overview of a state sponsored attack being actively used in the wild to compromise Internet connect routers.  The Stage 1 infection is permanently installed on affected equipment.  While you can (and should)reboot your device to flush out the Stage 2 and 3 infections the reality is this is a stop gap measure at best.  Stage 1 infections will actively attempt to download and install Stage 2/3 infections – so rebooting simply resets the infection, it does not remove it.

No business should be using a SOHO router to share their Internet connection – they do not provide robust security and attack protection.  There are a variety of solid, more secure enterprise class solutions available that a business should be using.  If you are using a SOHO router replace it now.

For home users, the risk is still present and you need to vigilant constantly updating your Router to the newest firmware available.  (Or possibly consider an enterprise class solution.)  Older routers that have not had firmware updates in over a year should be considered abandoned by their manufacturer and should be replaced immediately.

Attacks like this clearly demonstrate to need to have effective (and constantly upgraded) equipment in place to better secure your company/home.

https://blog.talosintelligence.com/2018/05/VPNFilter.html

Leave a Reply

Your email address will not be published. Required fields are marked *