The FBI released a cybersecurity warning in late May regarding malware originating in Russia, known as VPNFilter. The government agency is urging anyone who uses a router to connect to the internet to reboot their router.
Since many businesses use routers, the malware poses a serious threat to companies.
"The FBI hasn't made many statements with this level of urgency regarding cybersecurity, so this should be taken very seriously," says Adam Levin, founder of CyberScout, a cybersecurity and identity management company. (He's also the author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.)
"This is the cyber equivalent of a hurricane warning," says Levin. "Precautions are necessary."
"The word malware comes from mal, which means bad, and ware, which refers to software," says Penny Garbus, co-founder of Soaring Eagle Database Consulting and co-author of Mining New Gold—Managing Your Business Data.
"Malware refers to destructive software intrusion," Garbus explains. "It's an attack on the data in your system or an attack on your system. Malware can stop you from using your internet access or equipment, steal your data or lock you out of it."
"No company is too small to be attacked," she continues. "Simply emailing a customer or processing payments makes your company vulnerable."
"Hackers and identity thieves use malware to insert themselves into your online affairs," adds Levin. "Malware can target customer data, including financial records, and, in the case of a botnet, it can marshal your computer's processing power and internet connection to help power illegal activities."
Malware as a Cybersecurity Threat
According to the FBI, "cyber actors" working out of other countries (including Russia) have negatively affected hundreds of thousands of routers and other networked devices.
The malware enables hackers to watch and read the traffic that is moving through routers. In the process, they can steal data, execute commands, block network traffic and even "brick" a device, leaving it permanently inoperable.
"The negative effect of malware on company computer systems can be huge," says Avi Chesla, founder and CTO of the cybersecurity company empow. "VPNFilter is a variant of the BlackEnergy malware. That means it can, at the very least, do one or all of the following."
- Shut down your company router, which means no internet.
- Create a DDoS (distributed denial-of-service) attack, which overloads a system so that it becomes inoperable to its owners. Your company routers could be hijacked and used to launch such an attack on an outside organization without your knowledge.
- Redirect your traffic to malicious sites, and then conduct various fraud activities against your company.
- Demand ransom from your company based on the above actions.
Protecting Your Computer Systems From Malware
If you think your system is protected by basic updates and the like, think again.
"Targeting small-business routers with malware circumvents the most common protections applied to laptops and desktops, and most people don't update their router firmware," says Chris Calvert, co-founder and vice-president of product strategy for Respond Software, which provides automated cybersecurity threat protection.
In order to deal with the current potential threat to your router, the FBI advises rebooting your router as soon as possible.
The VPNFilter malware comes in three stages. In the first stage, the malware waits in your system for commands to download further malware.
In the second stage after the downloads, the malware begins exploiting the device and doing harm. And in the third stage, the malware becomes harder to track and better at stealing information.
If your computer system has already been compromised and is in stage one, rebooting will disrupt the second and third stages. Doing this gives the FBI and your internet service provider time to curtail and hopefully remediate the situation.
"To reboot, call your Internet service provider [ISP] or go on the ISP's website, where you should find rebooting instructions," says Garbus.
After rebooting, it's suggested that you disable remote management settings on devices and make sure that the router has new, strong passwords. Enable encryption when possible and update the router with the latest version of firmware.
Other Cybersecurity Tips for Protecting Against Malware
"While having anti-virus and anti-malware software and making sure they are appropriately updated are good protective measures, these tactics don't provide complete protection," says Levin. "Hackers work around the clock to find new ways to defeat them."
Here are seven more cybersecurity steps you can take to protect your computer system.
1. Be hyper aware and vigilant. "Don't click okay without reading the prompt," advises Levin. "Also be wary of downloads that require installation and email attachments. Confirm with the sender that the attachment is legit."
2. Practice good cyber hygiene. "Use long and strong, unique passwords, install a firewall and log out of websites when you're no longer using them," says Levin. "Also make sure the software on your devices is up to date."
3. Use hardware and software firewalls. "If your company is dealing with customer data, you should have both," says Garbus. "The same holds true if your company has a lot of financial data passing through the internet."
4. Require documentation from offsite employees. "Ask remote users to share all of their certificate information with your company cybersecurity expert," says Garbus.
5. Back up all company data. Use a document storage environment and back up software or hardware data.
6. Get expert assistance. "Don't trust your internet provider to be your only guardian. Consider hiring a professional to add more layers of protection," says Garbus. "When you do, ask a lot of questions. Have the cybersecurity professional write up processes and procedures and information on access. Get a description of your firewall settings. Also learn the process for rebooting the firewall."
7. Reboot regularly. "The hardware firewalls and routers need maintenance," says Garbus. "It's good practice to reboot the system once a week."