A new Malware has been found that targets Modems/Routers specifically. This Malware ‘watches’ all the network traffic that flows through the Modem/Router, looking for and recording usernames and passwords and allowing the attacker to see them.
If you got one of our Netcomm or Fritzbox modems you won't be affected by this Malware. If you are using your own Modem/Router and it is listed on the know devices list (which you can see at the bottom of this page here), then follow the advice from Cert NZ, which is:
- Factory reset. The malware persists on the device even after a reboot and therefore the device must be factory reset and firmware must be re-installed.
- Patched before they are put back in use. This should be patched to the most recent patch released by the vendor.
- Reconfigured so that management interfaces are not exposed to the internet, and change any default credentials
If these steps cannot be followed, the device should be replaced with one that receives patches and is currently supported by the vendor. No other steps can be taken to fully mitigate this attack.
More details here:
https://www.cert.govt.nz/businesses-and-individuals/recent-threats/new-malware-found-on-routers/
https://www.cert.govt.nz/it-specialists/advisories/advisory/vpnfilter-malware/
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html (Modem/Router List is near the bottom)