VPN Filter malware: Linksys,Mikrotik,Netgear,Qnap,TP-Link,Asus,D-Link,Huawei,Ubiquity,ZTE

FBI VPN Filter Kötü Amaçlı Yazılım Uyarısını Yayınladı!



YABANCI SIBER AKTÖRLER DÜNYADAKI EV VE OFIS YÖNLENDIRICILERI VE AĞ CIHAZLARINI HEDEFLIYOR.

FBI, küçük ofis ve ev ofisleri yönlendiricilerinin herhangi bir sahibini cihazların güç döngüsünü (yeniden başlatma) önermektedir. Yabancı siber aktörler, dünya çapında yüzbinlerce ev ve ofis yönlendiricisini ve diğer ağ aygıtlarını tehlikeye attılar. Oyuncular, küçük ofis ve ev ofis yönlendiricilerini hedeflemek için VPNFilter kötü amaçlı yazılım kullandılar. Kötü amaçlı yazılım, olası bilgi toplama, cihaz kullanımı ve ağ trafiğini engelleme gibi çeşitli işlevleri gerçekleştirebilir.

TEKNIK DETAYLAR
VPNFilter'in kötü amaçlı yazılımından etkilenen altyapının boyutu ve kapsamı önemlidir. Kötü amaçlı yazılım, birkaç üretici tarafından üretilen yönlendiricileri ve ağa bağlı depolama aygıtlarını en az bir üretici tarafından hedefler. Bu kötü amaçlı yazılımın başlangıç ​​bulaşma vektörü şu anda bilinmemektedir.

TEHDIT
VPNFilter, küçük ofis ve ev ofis yönlendiricilerini çalışmaz hale getirebilir. Kötü amaçlı yazılımlar, potansiyel olarak yönlendiriciden geçen bilgileri de toplayabilir. Kötü amaçlı yazılımın ağ etkinliğinin tespiti ve analizi, şifreleme ve yanlış yönlendirilebilir ağların kullanımıyla karmaşıklaşmaktadır.

SAVUNMA
FBI, kötü amaçlı yazılımları geçici olarak bozmak ve virüs bulaşmış cihazların olası tanımlanmasına yardımcı olmak için küçük ofis ve evden çalışan yönlendiricilerden herhangi birinin cihazlarını yeniden başlatmasını önerir. Kullanıcılara, cihazlarda uzaktan yönetim ayarlarını devre dışı bırakmayı ve etkin olduğunda güçlü şifreler ve şifreleme ile güvenlik sağlamayı düşünmeleri önerilir. Ağ cihazları, mevcut en yeni ürün yazılımı sürümlerine yükseltilmelidir.

FBI'ın yayınladığı VPNFilter malware uyarısına aşağıdaki linkten ulaşabilirsiniz
http://siberreal.com/fbi-vpn-filter-kotu-amacli-yazilim-uyarisini-yayinladi/869/


VPNFilter malware targets ASUS and DLINK routers now also and injects code into WWW

A week or two ago we reported about VPNFilter malware. A command and control server was recently caught by the FBI, however now it malware appears to target new router types and does so with new features, injecting malicious code into network traffic.

Two weeks ago we reported that devices affected by the malware called VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. While most manufacturers have issued a solve. New to the list are Asus, D-Link, Huawei and ZTE. While the control server was captured, it is still possible to communicate with infected machines possibly hundreds of thousands.

Here is Talos on the topic, have a read here for the comprehensive report:https://blog.talosintelligence.com/2018/05/VPNFilter.html

First, we have determined that additional devices are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-Link. Our research currently shows that no Cisco network devices are affected. We've provided an updated device list below.

We have also discovered a new stage 3 module that injects malicious content into web traffic as it passes through a network device. At the time of our initial posting, we did not have all of the information regarding the suspected stage 3 modules. The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user's knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports. We provide technical details on this module, named "ssler" below.

Additionally, we've discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable. Analysis of this module, called "dstr," is also provided below.

We obviously recommend you to install the latest firmware on your Router and internet connected NAS units. Here is a table displaying all currently known devices susceptible to infection, in bold the new additions.


http://www.guru3d.com/news-story/vpnfilter-malware-targets-asus-and-dlink-routers-now-also-and-injects-code-into-www.html

Malware Spreading Through Linksys, Netgear, TP-Link routers and QNAP NAS
There is a report going viral at the moment, a new aggressive malware dubbed VPNFilter is spreading rapidly. Cisco is spreading the news that already over half a million devices in at least 54 countries already have been infected.

While the list may not be complete, the known devices affected by the malware called VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. While we're always a bit careful pointing fingers, I'll just quote Cisco; "Cisco’s Talos cyber intelligence unit has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow".

VPNFilter allows hackers to access infected computers and devices. Then, according to Cisco, they can be used for espionage or the execution of attacks (DDoS) on other computers and networks. It is not yet clear how the devices precisely become infected however most routers and NAS servers targeted, particularly run older versions of OS software and/or have known public exploits or default credentials that make compromise relatively straightforward.

Routers from Linksys, Mikrotik, Netgear and TP-link and NAS systems from Qnap are most susceptible, Cisco recommends that users restore the devices to the factory settings to remove the malware. We obviously recommend you to install the latest firmware on your Router and internet connected NAS units.http://www.guru3d.com/news-story/aggressive-malware-spreading-through-linksysnetgeartp-link-routers-and-qnap-nas.html
https://www.reuters.com/article/us-cyber-routers-ukraine/u-s-seeks-to-take-control-of-infected-routers-from-hackers-idUSKCN1IO1U9?utm-source=Twitter&utm-medium=Social

https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html#more

arm tabanlı cihazlardaki spactre açığınıda unutmamak lazım tabi.