VPNFilter and The Importance of The Home Network

By: Bill Baerwalde on August 15th, 2018

VPNFilter and The Importance of The Home Network

Since May of 2018, we’ve heard a lot about VPNFilter malware and the growing number of affected devices. We’ve even been given the directive to reboot our routers to stop the malware which also enables the FBI and other security groups to better track it. While rebooting the router won’t remove the malware, it will stop the advanced portions of VPNFilter from continuing. To remove the Stage 1 VPNFilter payload, you must apply the proper patch and updates from the manufacturer.

Originally it was thought that the VPNFilter malware was only affecting a few older routers and firmware. However, as the days continued, it has been revealed that numerous small office and home routers have also been affected. The reach of this malware into consumer homes brings up a very important point. When thinking about cybersecurity, most people would naturally think of corporate networks and data breaches. And who would blame them? We rarely think to look at the equipment in our own homes that provides us with connectivity. This case proves how dangerous that can be. VPNFilter can not only render a router or NAS device inoperable, but it can also provide a man-in-the-middle attack. As we’ve examined before, this type of attack allows passwords and other confidential information to be captured from the SSL traffic that crosses it.

As our homes become increasingly filled and connected with Internet of Things (IoT) devices, or Smart Home devices as they’re commercially known, it becomes that much more important to address the security of the equipment outside our offices. We need to make sure that our router’s firmware stays up-to-date and look into replacing the hardware regularly. These devices are our first line of defense when we leave our corporate controlled networks and are becoming just as important.

To learn more about how the Internet of Things (IoT) devices increase security and liability vulnerabilities and how to keep your data safe, check out one of these blogs:

If you still have questions about how to implement similar corporate network standards and best practices in your home, our Security Team can help. Contact them today!

Here is a list of known routers and NAS devices. Note: Items marked “new” were recently discovered.

ASUS
- RT-AC66U (new)
- RT-N10 (new)
- RT-N10E (new)
- RT-N10U (new)
- RT-N56U (new)
- RT-N66U (new)

D-Link
- DES-1210-08P (new)
- DIR-300 (new)
- DIR-300A (new)
- DSR-250N (new)
- DSR-500N (new)
- DSR-1000 (new)
- DSR-1000N (new)

Huawei
- HG8245 (new)

Linksys
- E1200
- E2500
- E3000 (new)
- E3200 (new)
- E4200 (new)
- RV082 (new)
- WRVS4400N

MikroTik
- CCR1009 (new)
- CCR1016
- CCR1036
- CCR1072
- CRS109 (new)
- CRS112 (new)
- CRS125 (new)
- RB411 (new)
- RB450 (new)
- RB750 (new)
- RB911 (new)
- RB921 (new)
- RB941 (new)
- RB951 (new)
- RB952 (new)
- RB960 (new)
- RB962 (new)
- RB1100 (new)
- RB1200 (new)
- RB2011 (new)
- RB3011 (new)
- RB Groove (new)
- RB Omnitik (new)
- STX5 (new)

Netgear
- DG834 (new)
- DGN1000 (new)
- DGN2200
- DGN3500 (new)
- FVS318N (new)
- MBRN3000 (new)
- R6400
- R7000
- R8000
- WNR1000
- WNR2000
- WNR2200 (new)
- WNR4000 (new)
- WNDR3700 (new)
- WNDR4000 (new)
- WNDR4300 (new)
- WNDR4300-TN (new)
- UTM50 (new)

QNAP
- TS251
- TS439 Pro
- Other NAS devices running QTS software

TP-Link
- R600VPN
- TL-WR741ND (new)
- TL-WR841N (new)

Ubiquiti
- NSM2 (new)
- PBE M5 (new)

Upvel Devices
- unknown models (new)

ZTE Devices
- ZXHN H108N (new)

About the Author

Bill Baerwalde has been in the information technology industry for 20 years. During that time, he has worked with enterprise environments in the public and private sectors. He currently holds certifications from Cisco, Microsoft, VMWare, and Citrix, and works as a Solutions Engineer for Internetwork Engineering (IE).