VPNFilter threat discovered by Cisco Talos
What you should know 
New malware targets at least 500K devices worldwide

Update [Thursday, May 24, 2018]: Cisco Talos’ investigation found a new malware, VPNFilter, that has compromised more than 500,000 small office/home office routers and network attached storage devices to date around the world. Cisco devices are not among those affected. This complex threat allows the actor to inspect traffic passing through the devices, steal files off network backup drives, and potentially pivot onto connected corporate networks. See the Talos blog for a technical breakdown and new updates.

This type of threat research takes months to unfold. Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching this new, sophisticated malware, VPNFilter. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter; however, research continues.
What does this mean? It means attackers don’t rest – but rather they innovate. They evolve. Of course, we must too.

VPNFilter is dangerous because the malware allows theft of website credentials and monitoring of certain protocols. Not good. It also has a destructive capability that can render infected devices completely unusable, whether on individual devices or en masse, with the potential of cutting off internet access for hundreds of thousands of users worldwide. This wouldn’t be the way we’d want to start our morning. Its potential to pivot to other networks means corporations and organizations must be ready.

Ways you can take action:
  • Register for our upcoming webinar on Tuesday, June 5th, where we will chat live about the recent discovery of VPNFilter.
  • Block internet communications of affected devices to known malicious destinations with Umbrella, and/or Web Security Appliance.
  • Leverage NGFW and NGIPS to block the threat on the network.
  • Get a head start by detecting affected devices communicating on the network to known malicious locations on the internet with Stealthwatch and Stealthwatch Cloud.
  • Review your incident response plan to ensure you are prepared to respond quickly and effectively to breaches. Incident Response services can help.
  • We’ve underscored defense-in-depth for years – and it is as important as ever now given new, more complex threats and security attacks. And of course, you need the right threat intelligence team and resources to back up security technology to respond in worst-case scenarios. Continue to get the latest updates on threat research from Talos.
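The two detection ideas in the action list above (an internal device talking to a known malicious destination, and malware spreading laterally over SMB between network segments) can be expressed as simple rules over connection records. The following is an added example written for this page, not Cisco, Talos or Stealthwatch code. Everything in it is constructed: the record format (CSV with ts,src,dst,proto,dport,bytes), the "known bad" list (documentation-range addresses and a made-up hostname standing in for a threat-intelligence feed, not VPNFilter indicators), and the segmentation plan (10.10.0.0/16 as the SOHO/branch router segment, 10.20.0.0/16 as the corporate segment).

```python
"""Flag connection records that match two VPNFilter-style detection rules.

Added example for this page; not Cisco/Talos code. All indicators, addresses,
segment names and sample records below are constructed for illustration.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass

# Placeholder indicators (constructed). A real deployment would load these from
# a threat-intelligence feed such as the Talos-published IOC list.
KNOWN_BAD_NETWORKS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.7/32"),
]
KNOWN_BAD_HOSTS = {"update.example-c2.invalid"}

# Hypothetical internal address plan used to decide what "lateral" means.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SEGMENTS = {
    "soho": ipaddress.ip_network("10.10.0.0/16"),  # SOHO / branch routers
    "corp": ipaddress.ip_network("10.20.0.0/16"),  # corporate hosts and NAS
}
SMB_PORTS = {445, 139}

# Constructed sample records. dst is an IP for flow records and a hostname for
# proxy-logged connections; both forms are handled below.
SAMPLE_FLOWS = """ts,src,dst,proto,dport,bytes
2018-05-24T09:00:01Z,10.10.4.1,198.51.100.20,tcp,443,5120
2018-05-24T09:00:05Z,10.10.4.1,update.example-c2.invalid,tcp,80,900
2018-05-24T09:01:00Z,10.10.4.1,10.20.7.15,tcp,445,200000
2018-05-24T09:01:10Z,10.20.7.15,10.20.7.40,tcp,445,1500
2018-05-24T09:02:00Z,10.20.7.40,192.0.2.10,tcp,443,3000
"""


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    dst: str
    detail: str


def _segment(ip: ipaddress._BaseAddress):
    """Return the segment name an internal address belongs to, or None."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def _is_known_bad(dst: str) -> bool:
    """Match dst against the indicator list; hostnames and IPs/CIDRs both work."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return dst.lower() in KNOWN_BAD_HOSTS
    return any(addr in net for net in KNOWN_BAD_NETWORKS)


def detect(flow_csv: str) -> list:
    """Run both rules over CSV connection records and return alerts in order."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv.strip())):
        src, dst, dport = row["src"], row["dst"], int(row["dport"])
        # Rule 1: any device reaching a known malicious destination. This is
        # what a DNS/web block list or a flow watch list keys on.
        if _is_known_bad(dst):
            alerts.append(Alert("known_bad_dst", src, dst, f"port {dport}"))
        # Rule 2: SMB crossing a segment boundary inside the network, the
        # lateral-spread pattern that segmentation is meant to stop.
        try:
            s_ip, d_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # hostname destination: no segment to compare
        if s_ip in INTERNAL and d_ip in INTERNAL and dport in SMB_PORTS:
            s_seg, d_seg = _segment(s_ip), _segment(d_ip)
            if s_seg != d_seg:
                alerts.append(Alert("cross_segment_smb", src, dst, f"{s_seg}->{d_seg}"))
    return alerts


def summarize(alerts: list) -> dict:
    """Group alerts by source device so the devices to isolate are obvious."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a.src, set()).add(a.rule)
    return {src: sorted(rules) for src, rules in by_src.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_FLOWS)
    for a in found:
        print(f"{a.rule:18} {a.src} -> {a.dst} ({a.detail})")
    print(summarize(found))
```

Run against the constructed records, the SOHO router 10.10.4.1 trips both rules (two outbound connections to the placeholder indicators, then SMB into the corporate segment), while SMB between two corporate hosts and a normal HTTPS connection produce nothing. Hostname-only indicators are matched on proxy or DNS records; pure flow data only ever carries IPs, so a real deployment feeds both sources into the same rule set.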

    Some key elements of Threat Defense:

    Free Security Trials

    Pick the right free trial for you or chat with a security expert to determine what’s best for your organization.


    Incident Response

    Strengthening readiness and response to attacks.


    Experiencing an incident now?
    Contact us immediately. We are available globally, 24 hours a day, every day of the year.
    Call now: 1-844-831-7715

    Network Security and Segmentation

    Detect and block malicious network activity (on SMB connections in this case) and prevent lateral spread of malware.
