This looks like one of the worst hacks yet
« on: 08 June, 2018, 09:57:24 pm »
https://www.theregister.co.uk/2018/06/07/vpnfilter_is_much_worse_than_everyone_thought/

Something to worry everyone.

Quote
Essentially, you should get the latest software for your gateway, install it, and reboot the device, to avoid contracting VPNFilter.

T42

  • Apprentice geezer
Re: This looks like one of the worst hacks yet
« Reply #1 on: 09 June, 2018, 09:24:52 am »
I'll just crawl under this rock here...
I've dusted off all those old bottles and set them up straight

Beardy

  • Shedist
Re: This looks like one of the worst
« Reply #2 on: 10 June, 2018, 12:53:15 pm »
Just proving that the only secure computer is one that is not connected to any network. In a locked room. And not turned on. At least, based on the current levels of technology.

For every complex problem in the world, there is a simple and easily understood solution that’s wrong.

Afasoas

Re: This looks like one of the worst
« Reply #3 on: 10 June, 2018, 04:47:21 pm »
Quote
Just proving that the only secure computer is one that is not connected to any network. In a locked room. And not turned on. At least, based on the current levels of ~~technology~~ people.

FTFY.
It's not the tech per se. It's the people and the commercial pressure exerted by realities of loosely regulated capitalism.

citoyen

  • Occasionally rides a bike
Re: This looks like one of the worst hacks yet
« Reply #4 on: 10 June, 2018, 05:17:05 pm »
Most of that piece is gobbledygook to me, but I have a feeling it's something I probably ought to be concerned about...

My home internet connection is via a Sky hub, which I think is made by D-Link. Is there anything I can do/need to do to make it safe?
"The future's all yours, you lousy bicycles."

Afasoas

Re: This looks like one of the worst hacks yet
« Reply #5 on: 10 June, 2018, 05:34:07 pm »
Quote
Most of that piece is gobbledygook to me, but I have a feeling it's something I probably ought to be concerned about...

My home internet connection is via a Sky hub, which I think is made by D-Link. Is there anything I can do/need to do to make it safe?

According to this list, maybe depending upon the model number.
I've not yet found a source describing how VPNFilter is infecting devices - except to say it was using a vulnerability (patched in 2017) to infect MikroTik routers.

I'd suggest:

1) connect it to your computer via ethernet cable (just to make some of the later steps easier)
2) factory reset
3) chuck the latest firmware onto it*
4) change login (admin) credentials - use a good password, though be warned many routers will balk at passwords more than 12 or 16 characters
5) change the wireless network name and PSK
6) disable WPS
7) disable UPnP
8) disable remote administrative access (TR-069)

Visit ShieldsUP! and make sure you don't have any ports open.

If there aren't any firmware upgrades available, see if there's any mention of your router in respect of these vulnerabilities. Hopefully any relevant CVEs are already patched. If there are applicable CVEs not already fixed in your current firmware and no new firmware available, please consider replacing. I've not been in the market for an all-in-one router for a while, but I'd do your homework carefully before replacing it. For anyone that takes this stuff seriously, I'd recommend running a separate modem, bridged to a firewall (pfSense, OPNsense) and Wireless Access Point.

citoyen

  • Occasionally rides a bike
Re: This looks like one of the worst hacks yet
« Reply #6 on: 10 June, 2018, 05:49:17 pm »
Thanks, I'll investigate further.

As far as I can tell, the model is not listed, but I guess it would be worth doing a security check anyway.
"The future's all yours, you lousy bicycles."

ian

Re: This looks like one of the worst hacks yet
« Reply #7 on: 10 June, 2018, 06:29:13 pm »
I appreciate the article is probably written for people who really like computers enough to think that underpants are the most one needs to wear when operating one, but I confess even with a modicum of computer knowledge, I have no idea whether to be threatened or not. No one had threatened to strip my C&C filters and bash me with a 0xFF byte before.

Afasoas

Re: This looks like one of the worst hacks yet
« Reply #8 on: 11 June, 2018, 01:19:57 pm »
The threat has a great deal of potential. But I suspect most home users won't notice if their internet-edge-device has been compromised as it won't affect them hugely. After all, I doubt the miscreants behind VPNFilter are interested in redirecting people to phishing sites when they try and do some internet banking.

The creators of VPNFilter look to be backed by the Russian state (allegedly) and if that's the case, it is probably more for gaining control of industrial control systems, a purpose for which a foothold in your network could prove useful.

All that said, folk will change their tune if things escalate and the ruskies start interfering with our utilities and infrastructure.