Hundreds of Thousands of Routers Are Being Primed for a Cyberattack
May 23 2018 - 5:53PM
Dow Jones News
By Robert McMillan
A newly discovered network of hacked routers and storage devices
could be used to launch a massive cyberattack or knock hundreds of
thousands of internet users offline, Cisco Systems Inc. and
authorities in the U.S. and Ukraine warned Wednesday.
An attack could be timed to the final match in soccer's UEFA
Champions League competition taking place Saturday in Kiev,
according to security researchers and Ukrainian authorities.
More than half a million devices across 54 countries are now
infected with sophisticated software called VPNFilter that can
install other software or even make internal changes that render the
devices unusable, according to Craig Williams, a security
researcher with Cisco.
The network had grown quietly since 2016 but expanded rapidly
within Ukraine around May 8, with systems in the country now making
up about half of the infected machines on the network, Mr. Williams
said.
"They're clearly targeting Ukraine," he said. "The fact that we
saw this being spun up so quickly is evidence that something is
being planned."
Ukrainian authorities, in a statement, said they believe this
could be a precursor to a cyberattack by Russia targeted to the
Champions League final.
A representative from the Ukrainian consulate in Washington,
D.C., didn't respond to requests for further comment.
Ukraine has blamed Russia for a wave of disruptive cyberattacks
that have shut down electricity and hacked computers across the
country over the past three years. Ukraine was the main target of
last year's Petya computer virus, cybersecurity researchers
believe, an attack launched shortly before a national holiday
celebrating the adoption of Ukraine's constitution.
Earlier this year, authorities in the U.S. and U.K. blamed
Russia for the Petya outbreak. Russia has called the accusations
"baseless."
Based on the code used by the VPNFilter hackers, and the fact
that the latest infections have focused on Ukrainian targets, Cisco
believes the new network may be related to the previous incidents,
though "it is far from 100 percent certain," Mr. Williams said.
It is unclear what comes next, researchers and authorities say.
But VPNFilter has the capabilities to install software that can
steal sensitive information from the network such as passwords or
even data on power plants or factory-floor computers, Mr. Williams
said.
Whoever built the network could launch a new virus like Petya,
attack power plants or disrupt computer systems connected to the
coming Champions League game, Mr. Williams said. After a
cyberattack, the creators could cover their steps by wiping out the
infected device's software, effectively leaving hundreds of
thousands of people without internet access, he said.
"The reality is, this attacker has limitless options," Mr.
Williams said.
According to Cisco, the VPNFilter malware affects certain
Linksys routers built by Belkin International Inc. as well as some
built by Netgear Inc., SIA Mikrotīkls (MikroTik), and TP-Link
Technologies Co. and some storage devices built by QNAP Systems,
Inc.
Many of these devices can be taken over using well-known
attacks or default administrative passwords, Mr. Williams said.
Netgear and TP-Link published security advisories Wednesday
saying the companies are investigating the VPNFilter malware. They
advised users to update their routers' software and to avoid using
the default passwords.
The other device makers didn't immediately respond to requests
for comment.
The U.S. Department of Homeland Security on Wednesday issued a
warning about VPNFilter, saying that the software "has the
potential to cut off internet access for hundreds of thousands of
users."
After years of focusing on personal computers, hackers have
increasingly turned to the so-called Internet of Things -- routers,
storage devices, video recorders and other internet-connected
devices -- that don't typically run antivirus software and can
often be accessed using default usernames and passwords.
In 2016, a network of about 300,000 such infected devices caused
a widespread internet outage in the U.S. by launching a massive
online attack against an internet service provider.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
May 23, 2018 17:38 ET (21:38 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.