20.6.18


Health insurer leverages clinical data assets to improve care quality and manage commercial risk


InterSystems Corporation, a global leader in health information technology, today announced a collaboration with Premera Blue Cross, a not-for-profit Blue Cross Blue Shield licensee in Alaska and a Blue Cross licensee in Washington State. Premera is using InterSystems HealthShare® to bring together clinical data from health information exchanges and provider group electronic medical records (EMRs) with claims data, building a complete picture of each of its members. By doing so, Premera can more effectively manage risk and use data to support its purpose of “improving customers’ lives by making healthcare work better.”

“By combining claims and clinical data, we enable providers to better understand a patient’s health issues in real time,” says Colt Courtright, Director of Corporate Data and Analytics at Premera. “For example, a doctor knows what prescriptions have been written, but not if they have been filled. Combining clinical and claims data in real time fills that gap and gives doctors a much more complete picture of their patients’ health, empowering a richer care experience.”

Premera and InterSystems began their partnership in 2017, when they used HealthShare to connect to the Alaska health information exchange, healtheconnect Alaska, bringing in 150,000 patient records from across the state. After rapidly achieving a series of milestones through HealthShare’s real-time data access, Premera expanded the service to its Washington-based customers and later to 11 other states. To date, Premera receives inpatient and Emergency Department (ED) alerts from contracted data sources across these 11 U.S. states, drawn from more than 400 EMRs, driving efficient and holistic care for its customers.

“We are only scratching the surface when it comes to utilizing Big Data to its full potential in healthcare. We are working with InterSystems as part of Premera’s strategy to leverage data in a meaningful way that provides direct benefits for our customers,” Courtright said. “Since implementing HealthShare, Premera has the potential to better evaluate health risk, and support patients with higher-level care needs.”

“We submit claims every year to CMS that demonstrate the risk we’ve taken on based on our customer population,” said Courtright. “Increased insight into a customer’s complete health picture, and the ability to manage risk in real-time, we believe will prove to be invaluable to our organization.”

“Disconnects between providers and patients have been, and will continue to be, a huge pain point in our healthcare system,” said Don Woodlock, vice president of HealthShare at InterSystems. “Bringing together clinical and claims data provides Premera greater insight into their customers and allows them to innovate in new and exciting ways. This allows them to be better partners and collaborators with their network of providers which leads to better outcomes for everyone.”

https://www.intersystems.com/news-events/news/news-item/intersystems-and-premera-blue-cross-bring-together-claims-and-clinical-data-to-make-healthcare-work-better/

Europol and partners dismantle prolific cyber-extortion gang



The arrest of a 25-year-old French man in Thailand apparently seals the fate of Rex Mundi, a hack-and-extort collective that operated since at least 2012
Europol has announced the arrests over the past year of eight French nationals who are suspected of being involved in a long-running hacking ring called Rex Mundi.
The latest in a string of arrests was made by Thai police, which acted on a French international arrest warrant and apprehended “a French national with coding skills” on May 18 of this year. This operation capped a year-long effort that also resulted in the arrests of another seven people believed to be the gang’s members, who were nabbed by French police in June and October 2017.
Rex Mundi (Latin for “King of the World”) made a name for itself with multiple hack-and-extort campaigns that mainly victimized companies in Europe. As we also reported in 2014, the gang typically hacked into corporate networks and ransacked them for sensitive information before demanding ransom payments on pain of dumping the data online. On a number of occasions, the group delivered on its threats.
As per Bleeping Computer, the earliest reports of the crew’s activities date back to the summer of 2012. The gang would initially take to Twitter to brag about its shenanigans, only to opt for a more low-key profile later on.
How the crew’s undoing unfolded
Law enforcement began to turn the tables on the gang in May 2017, shortly after the group claimed credit for stealing troves of customer data from an unnamed UK-based firm. A member of the gang then phoned the company and demanded either €580,000 for not going public with the data or over €825,000 (both in bitcoin) for also sharing details about how the intrusion had been carried out. For each day the company failed to pay, the criminals demanded a ransom of €210,000, according to Europol.
The company refused to pay up and contacted the UK Metropolitan Police, which gathered and then relayed information about the attack to French police and Europol. “Within an hour, Europol’s 24/7 Operational Centre was able to link the available information to a French national,” said the European Union’s law enforcement agency.
French police then moved to nab a total of five suspected members of the group in June 2017 and another two in October. The primary suspect admitted to his role in the latest extortion campaign, but said that the breach itself had been perpetrated by a hacker whom he had hired on the dark web.

19.6.18

WannaCryptor malware blocked by ESET’s Network Attack Protection module



ESET protected its business customers against one of the most significant malware outbreaks of recent years: the WannaCryptor epidemic of May 2017. The malware infected thousands of companies worldwide and caused damage estimated at millions or even billions of dollars. Thanks to its Network Attack Protection technology, endpoints protected by ESET were not affected.

The attack of 12 May 2017 was one of the most disruptive in the history of cybersecurity. Within minutes, more than 200,000 endpoints at thousands of companies in more than 150 countries were encrypted and rendered inaccessible by the WannaCryptor malware, also known as WannaCry and WCrypt. Business processes were paralysed across numerous sectors, with the damage estimated at many millions or even billions of dollars.

The attackers behind this incident took advantage of EternalBlue, a sophisticated exploit that had reportedly been stolen or “leaked” from the US National Security Agency (NSA) and was subsequently posted online by a group of “black hats” (malicious hackers) known as the Shadow Brokers.

This exploit abused a specific vulnerability (CVE-2017-0144) in Microsoft’s implementation of the Server Message Block (SMB) protocol, reachable over port 445. By scanning the internet for hosts exposing port 445, the malware worm could execute its code on exposed vulnerable systems and spread both within the victim’s local network and across the internet.

The majority of infected systems were running an unpatched version of Windows 7. But even systems that had not yet applied the patches released by Microsoft on 14 March, two months before the attack, could be protected by a quality multi-layered security solution.

Using the network detection added on 25 April 2017, ESET’s Network Attack Protection layer was able to block attacks by EternalBlue exploits attempting to deliver malicious content to target systems: the WannaCryptor malware family and any other malicious content that could use the same propagation mechanism.
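The network-layer view described above can be reproduced with a few lines of Python. The following is an added example, not ESET’s code or detection logic: it parses the NetBIOS-framed SMB Negotiate Protocol Request that a scanner or worm sends to TCP/445 and flags hosts that are being offered SMBv1, the protocol version in which CVE-2017-0144 lives, so they can be checked for the MS17-010 patch or for SMBv1 being disabled. The sample messages are constructed inline rather than captured traffic, and the flag values and alert wording are assumptions.

```python
import struct

SMB1_MAGIC = b"\xffSMB"           # SMBv1 protocol identifier
SMB2_MAGIC = b"\xfeSMB"           # SMB2/3 protocol identifier
SMB_COM_NEGOTIATE = 0x72          # SMBv1 Negotiate Protocol command
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")   # the 32-byte SMBv1 header


def build_smb1_negotiate(dialects):
    """Build the SMBv1 Negotiate Protocol Request a client sends to TCP/445 (used for constructed samples)."""
    header = SMB1_HEADER.pack(SMB1_MAGIC, SMB_COM_NEGOTIATE, 0,   # protocol id, command, NT status
                              0x18, 0xC853, 0, bytes(8), 0,       # flags, flags2 (assumed client values), pid-high, security, reserved
                              0, 0, 0, 0)                         # tid, pid-low, uid, mid
    dialect_bytes = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = header + b"\x00" + struct.pack("<H", len(dialect_bytes)) + dialect_bytes  # WordCount=0, ByteCount, dialects
    return struct.pack(">I", len(smb)) + smb   # NetBIOS session header: type 0x00 followed by a 24-bit length


def parse_smb(packet):
    """Classify one NetBIOS-framed SMB message; returns a dict, or None if it is not SMB."""
    if len(packet) < 36 or packet[0] != 0x00 or int.from_bytes(packet[1:4], "big") != len(packet) - 4:
        return None
    smb = packet[4:]
    if smb[:4] == SMB1_MAGIC:
        command = SMB1_HEADER.unpack(smb[:32])[1]
        info = {"version": 1, "command": command, "dialects": []}
        if command == SMB_COM_NEGOTIATE and len(smb) > 32:
            params_end = 33 + 2 * smb[32]          # skip WordCount and the parameter words
            if len(smb) >= params_end + 2:         # truncated request: report the command but no dialects
                byte_count = struct.unpack_from("<H", smb, params_end)[0]
                data = smb[params_end + 2 : params_end + 2 + byte_count]
                info["dialects"] = [d.rstrip(b"\x00").decode("ascii", "replace") for d in data.split(b"\x02")[1:]]
        return info
    if smb[:4] == SMB2_MAGIC and len(smb) >= 64:
        return {"version": 2, "command": struct.unpack_from("<H", smb, 12)[0], "dialects": []}
    return None


def smb1_negotiate_alert(src, dst, packet):
    """Return an alert line when a client negotiates SMBv1 towards dst, else None."""
    info = parse_smb(packet)
    if info and info["version"] == 1 and info["command"] == SMB_COM_NEGOTIATE:
        return f"ALERT SMBv1 negotiate {src} -> {dst}:445 dialects={info['dialects']}"
    return None


def smb1_targets(flows):
    """Hosts that were sent an SMBv1 negotiate: the ones to verify for MS17-010 / SMBv1 disabled."""
    return sorted({dst for src, dst, pkt in flows if smb1_negotiate_alert(src, dst, pkt)})


# Constructed samples (not a real capture): an SMBv1-only client offering the classic dialect
# list ending in "NT LM 0.12", and an SMB2 NEGOTIATE (command 0x0000) for contrast.
SAMPLE_SMB1 = build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12"])
SAMPLE_SMB2 = struct.pack(">I", 64) + SMB2_MAGIC + struct.pack(
    "<HHIHHIIQIIQ16s", 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, bytes(16))
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.9", SAMPLE_SMB1),
    ("10.0.0.5", "10.0.0.12", SAMPLE_SMB2),
    ("10.0.0.7", "10.0.0.9", SAMPLE_SMB1),
]

if __name__ == "__main__":
    for src, dst, pkt in SAMPLE_FLOWS:
        print(smb1_negotiate_alert(src, dst, pkt) or f"ok    {src} -> {dst}:445 (SMB2 or later)")
    print("hosts offered SMBv1:", smb1_targets(SAMPLE_FLOWS))
```

Only the SMBv1 negotiation is flagged; an SMB2 negotiate on the same port passes. Feeding the parser the first message of every new TCP/445 flow (for example from a span port) gives the list of machines that still need attention after a patch rollout.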

ESET’s Network Attack Protection technology allowed users to carry on with their normal activities undisturbed. Worldwide, infected companies and organisations were still reporting serious problems at the core of their systems days after the attack.

The considerable number of infected devices in the WannaCryptor story shows the crucial role that patch deployment plays in an organisation’s security.
Such a process can, however, be time-consuming and expensive. By deploying ESET’s multi-layered security solutions, companies and organisations improve their protection until the critical updates have been fully tested and then rolled out.

These technologies can also help protect endpoints for which no patches exist, as well as the odd system on the network that gets overlooked when patches are rolled out across the whole company.


More at www.eset.com

14.6.18

BMO and Simplii warn that attackers may have stolen customer data




Two Canadian banks, the Bank of Montreal (BMO) and Simplii Financial, a subsidiary of CIBC, have announced that cybercriminals claim to have used a security breach to steal the data of up to 90,000 customers.
The two financial institutions each issued a press release describing the situation. In both cases the circumstances are quite similar: both companies say they received a message from cybercriminals on Sunday, 27 May.
“We take this allegation seriously and have taken steps to improve our monitoring and security processes,” said Michael Martin, Senior Vice-President, Simplii Financial. “We believe it is important that our customers be aware of this potential fraud so that they too can take steps to protect their information.”
As for BMO, the company stresses that it is communicating “proactively with customers whose accounts may have been affected, and we are committed to supporting and helping them.” The company adds that it takes the protection of its customers’ privacy seriously and has security processes in place.
“We are conducting a thorough investigation,” said spokesman Paul Gammal in a statement issued on Monday.
“We have become aware of unverified claims that customers’ personal and financial data may have been accessed by a fraudster, and a threat has been made to make it public,” he explained. The bank did not say whether the attacker had asked for money.
CBC also reports that several Canadian media outlets received a letter threatening to sell the information to criminals unless the banks paid a ransom of $1 million.
“The criminals will use Simplii and BMO customer information to apply for credit products using the social insurance number, date of birth and all other personal information,” the letter reads.
The message to the media ended with a sample of the banking and login details of a man from Ontario and a woman living in British Columbia. The latter confirmed to CBC that the information in the email, which also included the answers to her three security questions, was accurate.
Federal institutions are also involved in responding to the breach. Finance Minister Bill Morneau spoke with the heads of the institutions concerned, according to ministry spokeswoman Jocelyn Sweet. “We are monitoring the situation closely with the Office of the Superintendent of Financial Institutions,” she said. “The situation is being examined by the institutions, in collaboration with law enforcement.”
The Office of the Privacy Commissioner also said on Monday that BMO and Simplii had notified it of the matter. “We are working with the organisations to better understand what happened and what they are doing to mitigate the situation,” spokeswoman Valerie Lawton said by email. “At this stage we are in contact with the companies, but we have not opened a formal investigation.”
Radio-Canada notes that the services of the online bank Simplii are not offered in Quebec. For now, nothing indicates that CIBC customers are affected.
As is always the case after a security breach, customers of both companies should take some specific precautions, including:
- monitoring their accounts for signs of unusual activity;
- changing every password that may have been compromised (one more reason to use unique credentials for each account or service!);
- being wary of phishing attempts by email or phone;
  - if in doubt, contact the company concerned directly.


13.6.18


74 people arrested in US-led crackdown on email scams

The international effort to disrupt Business Email Compromise (BEC) schemes also resulted in the seizure of nearly $2.4 million and the recovery of around $14 million in fraudulent wire transfers
The United States’ federal authorities on Monday announced the arrests of 74 people on three continents for their alleged roles in large-scale Business Email Compromise (BEC) schemes, according to announcements by the US Department of Justice and the Federal Bureau of Investigation (FBI).
Forty-two people were detained in the US, 29 in Nigeria, and three in Canada, Mauritius, and Poland following a coordinated international effort called Operation WireWire. The operation was conducted over six months before leading to a wave of arrests over a span of more than two weeks.
In a typical BEC scenario, a criminal uses various techniques, including computer intrusions and social engineering, to dupe a company employee into carrying out a transfer of funds. The victim labors under the impression that the funds are being sent to a trusted business partner, but instead the money ends up in a bank account controlled by the scammers.
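One way to turn the BEC pattern just described into a mail-gateway check, as an added example that is not part of the original article or the FBI’s material: it flags a Reply-To domain that differs from the From domain (the fraudster wants the “trusted partner” look but needs the replies), a sender domain that is a look-alike of a known partner domain, and payment-pressure wording in the body. The trusted-domain list, the keyword list, the look-alike heuristics and the two messages are all constructed for the example; the Python standard library does the parsing.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical: the organisation's own domain plus domains of known business partners.
TRUSTED_DOMAINS = {"acme-corp.example", "example-partner.com"}
# Hypothetical phrases that typically accompany a fraudulent transfer request.
PAYMENT_WORDS = ("wire transfer", "urgent", "new bank details", "change of account", "confidential")


def _domain(addr):
    """Lower-cased domain part of an RFC 5322 address, '' if absent."""
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()


def _normalise(domain):
    """Fold common look-alike substitutions so 'examp1e.com' compares equal to 'example.com'."""
    table = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
    return domain.translate(table).replace("rn", "m")


def _edit_distance(a, b):
    """Plain Levenshtein distance (catches one or two dropped/added/swapped characters)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """The trusted domain that `domain` imitates, or None (an exact trusted domain is not a look-alike)."""
    if domain in trusted:
        return None
    for t in trusted:
        if _normalise(domain) == _normalise(t) or _edit_distance(domain, t) <= 2:
            return t
    return None


def bec_indicators(raw_message):
    """Return the list of BEC red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = _domain(msg.get("From", ""))
    reply_dom = _domain(msg.get("Reply-To", "")) or from_dom    # no Reply-To: replies go to From
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    checked = [("From", from_dom)] + ([("Reply-To", reply_dom)] if reply_dom != from_dom else [])
    for label, dom in checked:
        trusted = lookalike_of(dom)
        if trusted:
            findings.append(f"{label} domain {dom} is a look-alike of trusted domain {trusted}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    hits = [w for w in PAYMENT_WORDS if w in text]
    if hits:
        findings.append("payment-pressure wording: " + ", ".join(hits))
    return findings


def is_suspicious(raw_message, min_findings=2):
    """Quarantine rule: two or more independent red flags on the same message."""
    return len(bec_indicators(raw_message)) >= min_findings


# Constructed sample messages (not real mail): a transfer request from a look-alike
# domain with an off-domain Reply-To, and an ordinary invoice from the genuine partner.
SAMPLE_BEC = """\
From: "Jane Doe, CFO" <jane.doe@examp1e-partner.com>
Reply-To: jane.doe.cfo@mail-example.net
To: accounts@acme-corp.example
Subject: Urgent wire transfer today
Content-Type: text/plain; charset=utf-8

Please process an urgent wire transfer to our new bank details before 5pm.
This is confidential, do not discuss by phone.
"""

SAMPLE_OK = """\
From: "Jane Doe" <jane.doe@example-partner.com>
To: accounts@acme-corp.example
Subject: Q2 invoice attached
Content-Type: text/plain; charset=utf-8

Hi, the Q2 invoice is attached as usual. Thanks!
"""

if __name__ == "__main__":
    for name, raw in (("SAMPLE_BEC", SAMPLE_BEC), ("SAMPLE_OK", SAMPLE_OK)):
        print(name, "suspicious" if is_suspicious(raw) else "clean")
        for finding in bec_indicators(raw):
            print("  -", finding)
```

None of these checks proves fraud on its own; the value is in requiring several of them at once, which is why `is_suspicious` counts findings rather than matching a single keyword. The out-of-band control the article implies, confirming any change of payment details by phone on a known-good number, remains the decisive step.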
The individuals charged in the WireWire operation are believed to have participated in international criminal organizations that defrauded small- to large-sized businesses, as well as individual victims, who were duped into transferring high-dollar amounts or sensitive records.
A number of those arrested are “money mules” who, whether acting as witting or unwitting accomplices, were recruited to receive funds from the victims and to wire them as directed by the fraudsters. These money launderers get to keep a small cut of the proceeds in exchange for their “trouble”.
“This operation demonstrates the FBI’s commitment to disrupt and dismantle criminal enterprises that target American citizens and their businesses,” FBI Director Christopher A. Wray was quoted as saying. “We will continue to work together with our law enforcement partners around the world to end these fraud schemes and protect the hard-earned assets of our citizens. The public we serve deserves nothing less.”
The US Department of Homeland Security, Department of the Treasury and the Postal Inspection Service, as well as law enforcement in Nigeria, Poland, Canada, Mauritius, Indonesia, and Malaysia, also contributed to the operation.
The FBI recently announced that the reported loss totals for victims of BEC fraud and its variation known as Email Account Compromise (EAC) fraud topped $676 million last year.

9.6.18


Interred in the Internet of Everything
The security implications of devices connecting and sharing data
I received a request from a student for commentary relevant to his final project on ‘Botnets and the Internet of Everything’, asking what risks botnets pose for the devices (cars, watches, TVs) it includes, in terms of payload and ability to spread.
He quoted an estimate that in 2020 there will be around 50 billion devices forming part of the Internet of Everything (IoE), and another estimate that right now, 75% of IoE devices do not conform to good security practices. How well are these figures likely to reflect the situation in 2020, and what is the impact of IoE botnets likely to be?
These are interesting questions. In fact, even as I was putting the last touches to this article, an article on the Talos blog made it very clear that the risk from IoT malware is far from hypothetical. Talos estimates that at least 500,000 networking devices in at least 54 countries have been compromised.
I may return to IoT- and IoE-related issues in a longer article in due course, but in the meantime, here is a slightly expanded version of my response.
Superset, Supernet
We hear a lot about the Internet of Things (IoT), but not so much about the Internet of Everything, which might be described (and indeed often is) as a superset of the IoT. My understanding is that it consists not only of the interconnected devices that make up the IoT, but also includes the people who benefit (or hope to benefit) from that interconnection, the data that are shared across those connections, and the processes by which information derived from those data is delivered to where it should be. Well, that’s the theory.
Like everyone else in the security industry, I’m concerned about the implications of (non-)security in devices that are included in both these categories. Indeed, I have been for a long time.
The bioinformatic imperative
In the 1980s through to the early 2000s I worked in bioinformatics, though on the side of system support and security rather than being directly concerned with the manipulation of biological data. Although the term IoT wasn’t heard much (if at all) then (and the term IoE even less), it was already hardly possible to work effectively in bioinformatics without being aware of the risks of compromise posed to (or by way of) medical devices. (The risks incurred by reliance on more obvious resources such as servers and network devices were already reasonably well understood, if not always adequately addressed, then or now.)
The first time I remember hearing about what would later be known as the Internet of Things was probably a reference to the by-then-legendary ‘Internet Coke Machine’ of 1982, but I don’t remember fretting about its security implications. After all, the status of a vending machine in Pittsburgh had little impact on a medical research facility over 3,700 miles away in London.
However, computing and my own career have both undergone many changes since I first sat at a computer keyboard in 1986, or even in the 1990s, when my job title first changed to include the word ‘security’, and nowadays I suppose I see security issues everywhere. (If only I saw as many decisive solutions to security issues!)
My current concerns basically arise from the expansion of the IoT attack surface through (1) the addition of internet connectivity to objects that don’t necessarily need to be connected (2) the fact that such connectivity has been implemented by groups with little understanding or experience of internet security and privacy (3) the ‘rush to market’ and competitive pricing pressures that put the technical and psychosocial aspects of security so far into the shade as to be effectively invisible. Consider, for instance, the ill-considered addition of connectivity to so many toys and games.
Ifs and bots
I’m less concerned (right now, at any rate) with the specific risk from botnets, though that doesn’t mean there is no risk. We’ve already seen it encapsulated in the use of the Mirai and BASHLITE botnets to implement DDoS attacks. In principle, DDoS is very ‘suitable’ for an IoT botnet because it tends not to demand much in the way of operational functionality from the recruited device. On the other hand, the more features a device’s underlying operating system has – especially if the OS is fully implemented (e.g. Linux, Android) – the wider the range of attacks that might be possible using a network of compromised devices.
There are mitigating factors: some devices implement only the smallest necessary subset of functions; some are regularly patched (or at least patches are made available); some have a proprietary operating system that is less likely to attract the attention of the hacking fraternity, except maybe those black hats who are very specialized – not that I’m advocating that anyone rely on security through obscurity. What’s more, while Windows is less of a monoculture than is often assumed, out in the world of ‘smart’ devices and connected-but-not-all-that-smart devices, monoculture may be even less of an aid to the bad guys. There may be a wide range of devices doing much the same job, and they certainly won’t all be running Windows®. But then, the ancient myth that security flaws are the exclusive property of Microsoft operating systems and applications is no truer in the IoT context than it is elsewhere. Talos reports that the family of malware that ESET detects as Linux/VPNFilter.* is affecting network devices from “…Linksys, MikroTik, NETGEAR and TP-Link” as well as “QNAP network-attached storage (NAS) devices.”
Data versus devices
Here’s a slightly edited excerpt from my article in ESET’s 2018 Trends Report. There may well be other useful commentary in there, of course, if you’re looking for similar content and opinions.
Looking at attacks on smartphones and other mobile devices, these tend to be less focused on data and more on denying the use of the device and the services it facilitates. Which is quite bad enough where the alternative to paying the ransom may be to lose settings and other data, especially as more people have come to use mobile devices in preference to personal computers and even laptops, so that a wider range of data might be threatened.
As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to pacemakers to petrol stations. As everything gets ‘smarter’, the number of services that might be disrupted by malware (whether or not a ransom is demanded) becomes greater.
In previous years we’ve discussed the possibilities of what my colleague Stephen Cobb calls the Ransomware of Things. There are fewer in-the-wild examples to date of such threats than you might expect, given the attention they attract. That could easily change, though, especially if more conventional ransomware becomes less effective as a means of making a quick buck. Though I’m not sure that’s going to happen for a while…
On the other hand, there’s not much indication that Internet of Things security is keeping pace with IoT growth. We are already seeing plenty of hacker interest in the monetization of IoT insecurity. It’s not as simple as the media sometimes assume to write and distribute malware that will affect a wide range of IoT devices and beyond, so there’s no cause for panic, but we shouldn’t underestimate the digital underworld’s tenacity and ability to come up with surprising twists.
Dinosaurs in Tomorrow’s World
And here – since I haven’t changed my opinion much in the interim – is a lengthy quote from an article I wrote for ITSecurity UK a couple of years ago.
I don’t know how many people have internet-connected fridges, lighting systems and televisions, but I don’t … It’s not just a matter of my being afflicted with the characteristic paranoia of the old-school security researcher. Well, not entirely. I won’t be connecting anything to my own networks that doesn’t need to be connected to function, and part of that is normal caution. I don’t particularly want to have to worry about whether my doorbell might give away my WiFi password. But the fact is, a smart doorbell or a connected kitchen appliance simply doesn’t meet any need I have right now, so I’m not going to pay extra for that functionality … personally I’m quite happy to live in Today’s World rather than Tomorrow’s. Though sometimes I wouldn’t mind going back to Yesterday’s.
But we dinosaurs do worry about a time … when we don’t have a choice about whether our devices are connected, as may already be starting to happen with TVs, for instance. Will we be able to choose whether we enable that connectivity? And … the number of people currently affected by real-world vulnerabilities may be far smaller than the PR avalanches indicate. But … IoT ‘represents an ever-widening attack surface.’ And if you’re one of a relatively small segment of the population affected by a vulnerability in a medical device, for example, you may not be reassured by the fact that it won’t affect most people. And as my colleague Pablo Ramos has pointed out, IoT is an issue that is likely to extend beyond the home and into the workplace. But maybe not immediately.
However, Nick FitzGerald, my colleague at ESET, points out that 5G is being developed and positioned in such a way that it’s not going to be possible indefinitely to avoid 5G “connected” devices. He believes that persistent 5G will be embedded into nearly everything that runs on or generates electricity, probably with no means of disabling it.
How much should we worry about this? Well, it’s an evolution of how things are at the moment, in a world where tracking by Cookie Monster is the lifeblood of the internet retail industry and social media (in some respects the same thing). Electronic appliance manufacturers will not be reluctant to take advantage of the control and monitoring opportunities offered by mandatory interconnectivity, comparable to that already enjoyed by major service providers through software and consumer electronics such as entertainment, communications and productivity devices. In essence, this trend further facilitates the extension of these opportunities from ‘brown goods’ to ‘white goods’ (aids to housekeeping such as dishwashers and refrigerators).
You may not be too concerned about the possibility that your kettle or light-fixtures may compromise your privacy, but consider this. When the internet was a playground for the State and academia, security breaches had comparatively little impact on the rest of the world. As interconnectivity spread to commercial enterprises and trickled down to small businesses and home users, the threat surface increased dramatically. While corporates are likely to have access to some in-house or outsourced security knowledge, this was (and still is) less likely to be the case for SMBs, sole proprietors, and private individuals using home networks. As home users have moved away from old-school home computers (in the sense of desktops and laptops) to handheld devices, we’ve seen more and more reliance on those devices for sensitive transactions. Yet those transactions are by no means always adequately and universally protected by the services and systems that support them. In a 5G world, the attack surface will increase dramatically, and I don’t envisage a correspondingly dramatic rise in standards of security and privacy, or in the general level of customer understanding of the risks.
Right now, it’s still possible (though not always easy) to do your shopping and banking in the real world rather than online. And you still have the option in many cases of avoiding unnecessary or unsafe connectivity. But for how long?
VPNFilter
In view of the current issues with routers vulnerable to the VPNFilter malware, here are a few ESET links with information from Stephen Cobb that seems particularly relevant right now.
Stephen Cobb: Router reboot: How to, why to, and what not to do – “The FBI say yes but should you follow this advice? And if you do follow it, do you know how to do so safely?”
Stephen Cobb: VPNFilter update: More bad news for routers 
“New research into VPNFilter finds more devices hit by malware that’s nastier than first thought, making rebooting and remediating of routers more urgent.”
You can find these and many more links about the Internet of (not always necessary) things on an AVIEN page here.

7.6.18


VPNFilter update: More bad news for routers

New research into VPNFilter finds more devices hit by malware that’s nastier than first thought, making rebooting and remediating of routers more urgent.
At the bottom of this article is a revised list of routers believed to be at particular risk from the malicious code known as VPNFilter, according to ongoing research by Cisco’s Talos Intelligence Group. These latest findings underscore the importance of rebooting routers, as described at length in this WeLiveSecurity article.
With 56 additional models and five new vendors impacted, it is increasingly likely that even more will be identified. This reinforces previous advice: you should take action regardless of the make or model of router you are using (unless you have received solid assurances from your ISP or vendor that your specific router is not vulnerable).
What’s going on here?
Hundreds of thousands of routers in more than 50 countries have been compromised by malware dubbed VPNFilter. When placed on a router, this malicious code can spy on traffic passing through the router. The malware can also “brick” the device it runs on, rendering it inoperative.
Like a lot of malware, VPNFilter is modular and can communicate over the internet with a Command and Control (C2) system to download additional modules. Research into VPNFilter’s capabilities is ongoing.
Routers are specialized computing devices that direct traffic between networks, for example, between the network in your office and the global network known as the internet. Routers have three places to store code and information: regular memory, which is “volatile” and loses its contents when it loses power; non-volatile memory that retains its contents even when the power is turned off; and firmware, the contents of which are relatively difficult to change.
Much of VPNFilter’s code resides in volatile memory and is wiped out by a reboot or “cycling the power” (i.e. power it off – wait 30 seconds – then power it on again). That is why the security experts and the FBI recommend rebooting your router.
However, a reboot does not remove code that VPNFilter may have written to non-volatile memory. Clearing non-volatile memory requires a device reset, but you should NOT perform a reset unless you know what you are doing (see the instructions and advice in this related WeLiveSecurity article).
If your router is supplied by your ISP you should contact them for instructions if they have not already alerted you and advised you of the situation.
Other steps to consider are upgrading your router to the latest firmware, changing the default administration password, and disabling remote administration. Instructions to perform these functions can be found on the router maker’s website.
Yes, you probably do have a router
I am sure there will be more articles related to VPNFilter and router security on WeLiveSecurity in the coming days. We already get the sense, based on questions from readers so far, that knowledge of routers and how to secure them varies considerably within the population of router users.
One basic question – do I have a router? – is actually trickier to answer than you might think. Many homes and small offices have a variety of boxes that work together to deliver the internet to their computers, smartphones, tablets, smart TVs, clever thermostats, and so on.
Read the complete article on