Last updated 15:35 25th May: Security advisory from Redscan Labs.
Businesses worried by reports of a new strain of malware targeting VPN routers and network storage devices are being urged not to panic and follow basic security procedures to ensure they remain safe.
The advice follows widespread reports that at least 500,000 networking devices may have been infected by VPNFilter, a potentially destructive malware capable of stealing website credentials, monitoring Modbus SCADA protocols and rendering infected devices unusable.
To mitigate the risk of VPNFilter, Redscan advises that businesses regularly check the list of known affected devices to understand whether they are affected. Initial analysis suggests that the Linksys, MikroTik, Netgear, TP-Link and QNAP devices at risk are more likely to be used by households rather than businesses.
Any business that believes that it could be exposed is advised to:
- Ensure affected devices are patched to the most recent firmware/software versions
- Keep antivirus software up-to-date
- Reset to factory default and then reboot any affected devices
- Regularly back up important systems and files
Additional notes for ThreatDetect™ customers
Redscan Labs will continue to closely follow the threat landscape. For customers subscribed to ThreatDetect, our managed detection and response service, this includes monitoring and blocking any malicious malware signatures and IP addresses linked to the VPNFilter threat, as well as issuing further advice as appropriate.