Australian users need to be aware of VPNFilter malware, which is known to affect networking equipment including Linksys, MikroTik, Netgear and TP-Link, as well as QNAP network-attached storage (NAS) devices.
Once a malicious actor compromises a device using VPNFilter malware, they are able to collect network traffic (including website credentials) traversing the device. Importantly, the malware can also be used to disable the device.
The ACSC recommends that Australian users of these devices take the following actions to protect themselves against this activity:
- Update your network devices to the latest available version of firmware. Updates are typically not automatic and users should visit the manufacturers website for specific information on how to apply updates.
- Disable network device management interfaces, such as Telnet, SSH, Winbox and HTTP/S, on WAN interfaces. If you require remote management of the router, ensure you use a complex password and a protocol that supports encrypted remote connections, such as SSH and HTTPS.
- Remember to change your router default log-in password during the initial setup.
The ACSC also encourages users and administrators to review the Cisco blog post on VPNFilter for additional information on the VPNFilter malware.