About Us | Contact Us
View Cart

Don’t Believe Your Eyes: Router-Based Malware Can Change Website Data

By Vigilize | Sunday, June 10, 2018 - Leave a Comment

Previously thought to be designed to deliver a DDoS attack, VPNFilter can alter data in transit and change what you see on your screen.


An article review.


ServIcons_ITAudit_01

Initially, researchers thought that a new piece of router-based malware called VPNFilter was a relatively simple tool for directing and implementing a distributed denial of service (DDoS) attack. Cleaning the malware out seemed similarly easy: the FBI recommended owners of vulnerable router models simple reboot their equipment. However, a closer look at the malware, as revealed in a Talos Intelligence blog entry submitted by our friend Wes Pollard, showed that VPNFilter was much more sophisticated than expected.

While rebooting equipment did appear to wipe out VPNFilter, it was discovered that the initial code that installs the exploit remains active, waiting for instructions on where to download the rest of the malware package. Additional functionality was also discovered in one of the malware’s “modules,” including code that looks for and captures certain data in network traffic, along with changing data that is being requested from a website.

In theory, this functionality could potentially allow an attacker to both capture banking credentials, and present a false account balance so the user would not realize their account was being drained. The malware could also use this capability to hide evidence of its existence in web-based device status pages, or show certain security functions as being activated when they are not.

For now, there have been no reports of this aspect of VPNFilter’s functionality being used in the wild, but it shows how the focus of malware is evolving as attacks become more sophisticated. It also serves as a reminder that even home and small business routers are computers that can be infected just like any other system–and that a compromised router can do far more damage than simply taking you offline.


Original article by Talos Intelligence.


same_strip_012513


 

Latest News
    PRESS RELEASE – FOR IMMEDIATE RELEASE SERVICE NEWS Dateline: Dayton, IN, June 22, 2022 We are proud to announce that infotex will now be supporting Endpoint Detection and Response (XDR/MDR)! We can manage/monitor solutions you already have or offer one as part of our service while still maintaining a segregated response posture. In recent years […]
    Over 85 percent of surveyed companies report having no  centralized monitoring of networked industrial devices… An article review. If you are involved in IT within your organization, you’re probably aware of the importance of being able to monitor relevant activity from your networked devices, especially if your organization is involved in healthcare, finance, or government.  […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    We always strive to bring you the best content that we possibly can. Your opinion on any content, presentation, service, or anything else you have received from us is important! Please click the button below to let us know how we are doing!  
    What to Expect in an Annual Information Security Report to the Board Webinar-Movie Information security ranks as a top risk to financial institutions, both in terms of likelihood and overall impact. It is important that boards receive annual comprehensive reporting from management about the information security risks and incidents, and the actions taken to address […]
    The Five Precepts of IT Vendor Management Webinar-Movie We’re going back to basics on Vendor Management. This webinar will give you a training tool to help out that new person that is starting to take on the gargantuan task that is Vendor Management.
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    The joint cybersecurity advisory includes the 15 most exploited vulnerabilities reported in 2021… An article review.  While a lot of attention is focused on previously undisclosed or “zero day” attacks, some of the most likely attack vectors are vulnerabilities that have been widely known for weeks or even months.  That’s according to a new joint […]
    Threats are changing, EDR can help us adapt . . . Today’s advanced persistent threat (APT) understands that the IT landscape has changed. In the post-COVID age, more and more organizations have adopted some form of work from home.  While WFH offers many conveniences, it also imparts increased risks. BitSight conducted a 2021 study of […]
    A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]