Topic: PSA - Russian Hackers and Your Computer (Read 1211 times)
Rob DiStefano (Administrator, Trad Bowhunter, Posts: 12250, Contributing Member)
PSA - Russian Hackers and Your Computer « on: June 03, 2018, 08:03:10 AM »
Credit for this alert goes to Trad Gang member Hud - thank you, sir.
The FBI is urging small businesses and households to immediately reboot routers following Cisco's report that 500,000 infected devices could be destroyed with a single command.
The malware, dubbed VPNFilter, was developed by the Russian state-sponsored hacking group Sofacy, also known as Fancy Bear and APT28, according to the FBI, which last week obtained a warrant to seize a domain used to control the infected routers.
Cisco's Talos Intelligence researchers revealed in a report last week that 500,000 routers made by Linksys, MikroTik, Netgear, and TP-Link had been infected with VPNFilter.
The malware is capable of collecting traffic sent through infected routers, such as website credentials.
However, the most worrying capability is that the malware allows its controllers to wipe a portion of an infected device's firmware, rendering it useless. The attackers can selectively destroy a single device or wipe all infected devices at once.
The country also blamed Russia for last June's NotPetya attacks that mostly affected Ukraine organizations but also spread within multinational corporations with offices in Ukraine.
Users with infected routers can remove the dangerous Stage 2 and Stage 3 components of VPNFilter by rebooting the device. However, Stage 1 of VPNFilter will persist after a reboot, potentially allowing the attackers to reinfect the compromised routers.
The web address the FBI seized on Wednesday, ToKnowAll[.]com, could have been used to reinstall Stage 2 and Stage 3 malware, but all traffic to this address is now being directed to a server under the FBI's control.
The FBI nonetheless is urging all small office and home router owners to reboot devices even if they were not made by one of the affected vendors. This will help neuter the threat and help the FBI identify infected devices.
"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices," the FBI said in a public-service announcement.
Owners are advised to consider disabling remote-management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.
Cisco and the Justice Department have also urged all home and small office users to reboot routers.
The Justice Department said the FBI-controlled server with which infected devices are now communicating will collect the IP addresses of each device.
The addresses are being shared with the non-profit cyber security group, The Shadowserver Foundation, which will disseminate the addresses to foreign CERTs and ISPs. The FBI and US DHS CERT have also notified some ISPs.
It's not known how the attackers initially infected the routers, but Symantec noted in its report on VPNFilter that many of them have known vulnerabilities.
"Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat," wrote Symantec researchers.
Known infected devices include:
Linksys E1200
Linksys E2500
Linksys WRVS4400N
MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
IAM
~ The only government I trust is my .45-70 ... and my 1911.
McDave (TG HALL OF FAME, Trad Bowhunter, Posts: 6086)
Re: PSA - Russian Hackers and Your Computer « Reply #1 on: June 03, 2018, 09:15:34 AM »
I read about this and did the reboot of my router. Then I remembered that I also have another router that picks up the signal from the main router and sends it to parts of the house that aren't covered by the main router. I hadn't turned it off, so I went back and turned both of them off at the same time, so one wouldn’t reinfect the other. Don't know if this makes any sense, but it seemed like a good idea.
TGMM Family of the Bow
Technology....the knack of arranging the world so that we don't have to experience it.
Roy from Pa (Administrator, Trad Bowhunter, Posts: 20690)
Re: PSA - Russian Hackers and Your Computer « Reply #2 on: June 03, 2018, 09:17:57 AM »
Rebooted my router also.
Thanks, Rob
goobersan (Trad Bowhunter, Posts: 1386)
Re: PSA - Russian Hackers and Your Computer « Reply #3 on: June 03, 2018, 09:39:04 AM »
Thank you sir
Hud (Contributing Member, Trad Bowhunter, Posts: 2242)
Re: PSA - Russian Hackers and Your Computer « Reply #4 on: June 03, 2018, 01:10:35 PM »
Thanks Rob for the thorough update. I needed to replace an old router with a new model, and turn the power off at night, no point to leaving it on.
TGMM Family of the Bow
Copyright 2003 thru 2024 ~ Trad Gang.com ©