Bot Net Affecting Routers and IOT (VPN Filter Exploit)

Sophos news story about a current Bot Net affecting many Routers and IOT, where either a Firmware ReFlash or new Firmware can cure infected hardware.

https://nakedsecurity.sophos.com/2018/05/24/vpnfilte...

I'm still using my Plusnet VDSL Modem/Router (Hub One?) and assume firmware upgrades are done remotely on the later models. I can see the last update it received was dated August 2017 - is that the latest?

Clearly the use of unique passwords and reflashing if infected are a must. Unfortunately many of us don't bother changing the routers password once it's setup.

Further reading:-

https://nakedsecurity.sophos.com/2018/05/23/vpnfilte...

Edit:- I believe the Draytek Advisory posted on this forum maybe of the same issue which recently went public.

Edit 2:- There is a list of routers known to be affected here:-
https://www.tripwire.com/state-of-security/featured/...

Edited by Vorlon (Thu 24-May-18 21:01:21)

See theReg

In reference to www.theregister.co.uk/2018/06/07/vpnfilter_is_much_worse_than_every...:

More affected devices. More damage. And what looks like an escalation in attacks

Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly-named by Cisco's Talos Intelligence as being exploited by the VPNFilter malware

Yes, I'm keeping an eye on both my Plusnet Router and my TPlink VR900 V1 and both don't appear to have had firmware upgrades since 2017.

Is it time to mandate the ability for users to change access usernames as well as passwords? My Billion is 'fixed' at default.

With the increasing 'hacking' of the IoT, surely another layer of security against botnets is worthwhile