Malware has infected half-a millionrouters in homes and businesses around the world, and that malware is vicious enough to destroy the devices with a single command.
According to an announcement from Cisco on Wednesday, the malware can collect communications and launch attacks on others.
The scale and type of attack are concerning, Cisco said. It is not known how many in the U.S. have been attacked. The announcements says the Ukraine has been the hardest hit region so far.
"Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues."
The malware can steal website credentials and perform destructive cyber attacks, the announcement states.
"The malware can also be leveraged to collect data that flows through the device. This could be for straightforward data-collection purposes, or to assess the potential value of the network that the device serves," the announcement says."If the network was deemed as having information of potential interest to the threat actor, they may choose to continue collecting content that passes through the device or to propagate into the connected network for data collection."
How to protect your router
Cisco recommends:
Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
Read more of this announcement here.