Last week, reports came through on a new breed of malware that directly targets network routers (instead of the devices hooked up to them, like your laptop or other equipment). It's concerning, since most routers don't have security measures against malware intrusion.
The DOJ, in cooperation with the FBI, quickly seized control of the domain the malware was using to communicate. This is good news, since the malware will not be able to establish itself once this communication has been interrupted, but the hardware must be rebooted for the change to take effect.
The FBI and Department of Homeland Security have both issued statements requesting that all users reboot their hardware.
Does this impact me?
If you use one of the devices that was targeted by the software, you should reboot at minimum. Here are the devices that were targeted:
- Linksys: E1200, E2500, and WRVS4400N
- Mikrotik: 1016, 1036, and 1072
- Netgear: DGN2200, R6400, R7000, R8000, WNR1000, and WNR2000
- QNAP: TS251 and TS439 Pro
- TP-LINK: R600VPN
Even if your device is not explicitly listed above, it may be a good idea to reboot anyway, since it only takes a few minutes and is a good security precaution.
The Easy Way
The easiest way to reboot your router? It's simple - unplug it! That's it. Wait a full 60 seconds for the device to reset itself, and then plug it back in.
Go about your business knowing you've made your network safer and complied with the FBI's request.
The Better Way
While it might be simplest to reboot your router with a quick unplug, it's not the best way to ensure your network is secure.
If your device has an associated app (like the Google WiFi app), the best course of action is to go to the device settings for your network. From there, you can select the Reboot option.
Before you do that, though, check to see if your router's firmware is up to date. If the option is available, have the app check and see if there are any updates that have to be applied. Updating the firmware requires an automatic reboot anyway, so you'll be making sure your device is properly protected and more secure in the future.
If you're not sure if your firmware is up to date, or your app doesn't have the option, check the manufacturer's website and follow any steps listed there to update your device.
Oh, and if you're still using the default user name and password for your router, change those while you're updating the device. Default router logins for nearly every major brand can be found with a quick Google search. Updating the firmware but keeping the default login would be akin to changing the locks on your house, then leaving the front door open.
Protecting Against Future Attacks
Other than keeping your firmware up to date, there's not a lot more you can do to protect yourself. One interesting thing to note, however, is that consumer mesh networks like Google WiFi or AmpliFi were not on the list of vulnerable devices.
It could be that these devices automatically update themselves, so vulnerabilities are harder for hackers to find and exploit. Or maybe they just weren't targeted this time around. Either way, if this incident has made you a little suspicious of your current networking hardware, you might want to think about upgrading. Consider a system with a monitoring app, one that automatically applies firmware updates.