About Us | Contact Us
View Cart

Don’t Believe Your Eyes: Router-Based Malware Can Change Website Data

By Vigilize | Sunday, June 10, 2018 - Leave a Comment

Previously thought to be designed to deliver a DDoS attack, VPNFilter can alter data in transit and change what you see on your screen.


An article review.


ServIcons_ITAudit_01

Initially, researchers thought that a new piece of router-based malware called VPNFilter was a relatively simple tool for directing and implementing a distributed denial of service (DDoS) attack. Cleaning the malware out seemed similarly easy: the FBI recommended owners of vulnerable router models simple reboot their equipment. However, a closer look at the malware, as revealed in a Talos Intelligence blog entry submitted by our friend Wes Pollard, showed that VPNFilter was much more sophisticated than expected.

While rebooting equipment did appear to wipe out VPNFilter, it was discovered that the initial code that installs the exploit remains active, waiting for instructions on where to download the rest of the malware package. Additional functionality was also discovered in one of the malware’s “modules,” including code that looks for and captures certain data in network traffic, along with changing data that is being requested from a website.

In theory, this functionality could potentially allow an attacker to both capture banking credentials, and present a false account balance so the user would not realize their account was being drained. The malware could also use this capability to hide evidence of its existence in web-based device status pages, or show certain security functions as being activated when they are not.

For now, there have been no reports of this aspect of VPNFilter’s functionality being used in the wild, but it shows how the focus of malware is evolving as attacks become more sophisticated. It also serves as a reminder that even home and small business routers are computers that can be infected just like any other system–and that a compromised router can do far more damage than simply taking you offline.


Original article by Talos Intelligence.


same_strip_012513


 

Latest News
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
    Four Conditions … …For Why a Network Can be Anything But a Network! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I have to admit that infotex is being called into engineering meetings with larger organizations these days that are NOT community based banks.  We […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]
    Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of  IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Many organizations still fail to consider the unique risks posed by cloud computing… An article review. Last month thousands of Western Digital MyCloud device owners learned about the risks of cloud-based solutions the hard way: their data had been wiped remotely due to a flaw in the internet-facing component of their external hard drives. While […]
    infotex does not use Kaseya… We are protecting our Clients! Another blog post meant to inspire thought about IT Governance . . . . To all infotex managed security service Clients: As you may be aware there was a large ransomware attack recently that leveraged a remote management tool called Kaseya that is used by many […]
    While we’re not a news service, we often use current events to comment on trends and our services. This blog is intended to get people thinking about topics and trends in Technology Risk Management, through our article reviews, as well as through original blog articles about current events and our MSSP services (such as our […]