More from: MikroTik

From Russia with Love? Your Home Firewall may be spying on you.

There was a concern when electric meters were modernized to allow remote reading that the meters were really being modified by insidious dark forces to  spy on homeowners. There was even a joke that went something like:

My wife asked me why I was carrying my gun around the house. I told her “Decepticons”. She laughed. I laughed. The toaster laughed. I shot the toaster. Good times.

There is a lot of truth in humor: sometimes more than we want to admit.

The router brands that almost everyone uses to connect to their Internet utility could now be part of a widespread hacked Internet of Things (IoT) network known as VPNFilter. For now it is thought to be targeting Ukraine but there are over half a million hijacked routers so far. The hack installs itself and cannot be removed by rebooting the router. This is a VERY GOOD REASON to change your old LinkSys router to use the (free) OpenWrt Project instead of the factory supplied LinkSys OS and deny access to control the router from outside your LAN. At the least, you can read up on the OpenWRT project web site to understand more about how software is installed in your router, and how to restore your router to its factory original state.

People install OpenWrt because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.

This just in email from DarkReading.com

More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon

So far, the infected devices that make up the backbone of VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link home routers and QNAP network-attached storage (NAS) devices.

Cisco stopped short of naming Russian state-sponsored hackers as the attackers behind VPNFilter, but also didn’t rule it out, especially with the BlackEnergy connection and Ukraine-specific attack network. “The code overlap we saw was an exact copy, including even an error,” Williams says.

The entire article can be found at https://www.darkreading.com/threat-intelligence/destructive-vpnfilter-attack-network-uncovered/d/d-id/1331886