Hundreds of thousands of routers are being prepared for a cyber attack



A newly discovered network of routers and hacked storage devices could be used to launch a massive cyberattack or to disconnect hundreds of thousands of Internet users, Cisco Systems Inc. and U.S. and Ukrainian authorities warned on Wednesday.

An attack could be scheduled for the final match in the UEFA Champions League competition on Saturday in Kiev, according to security researchers and Ukrainian authorities.

More than half a million devices in 54 countries are now infected with sophisticated software called VPNFilter that can install other software or even make internal changes that render devices unusable, according to Craig Williams, a security researcher with Cisco.

The network had grown quietly since 2016, but it expanded rapidly into Ukraine around May 8, with systems in the country now making up about half of the infected machines on the network, Williams said.

"They are clearly targeting Ukraine," he said. "The fact that we saw this developing so quickly is evidence that something is being planned."

Ukrainian authorities, in a statement, said they believe this could be a precursor to a Russian cyber attack against the Champions League final.

A representative of the Ukrainian consulate in Washington, DC, did not respond to requests for further comment.

Ukraine has blamed Russia for a wave of disruptive cyber attacks that shut off electricity and hacked computers across the country in the past three years. Ukraine was the main target of last year's Petya computer virus, cybersecurity researchers believe, an attack launched shortly before a national holiday to celebrate the adoption of the Constitution of Ukraine.

Earlier this year, authorities in the U.S. and the United Kingdom blamed Russia for the Petya outbreak. Russia called the accusations "baseless."

Based on the code used by the VPNFilter hackers, and the fact that the latest infections have focused on Ukrainian targets, Cisco believes that the new network may be related to previous incidents. "It is far from being 100 per cent sure," said Mr. Williams.

It is not clear what comes next, say researchers and authorities. But VPNFilter has the ability to install software that can steal sensitive information from the network, such as passwords or even data at power plants or on factory computers, Williams said.

Whoever built the network could launch a new virus such as Petya, attack power plants or disrupt computer systems connected to the next game of the Champions League, Williams said. After a cyber attack, the creators could cover their tracks by erasing the software from the infected devices, effectively leaving hundreds of thousands of people without Internet access, he said.

"The reality is that this attacker has unlimited options," Williams said.

According to Cisco, the VPNFilter malware affects certain Linksys routers built by Belkin International Inc., as well as some built by Netgear Inc., SIA Mikrotīkls (MikroTik) and TP-Link Technologies Co., and some storage devices built by QNAP Systems, Inc.

Many of these devices can be taken over using well-known attacks or default administrative passwords, said Mr. Williams.

Netgear and TP-Link published a security advisory on Wednesday saying that the companies are investigating the VPNFilter malware. They advised users to update the software of their routers and avoid using the default passwords.

The other device manufacturers did not respond immediately to requests for comment.

The U.S. Department of Homeland Security issued a warning on VPNFilter on Wednesday, saying the software "has the potential to cut off Internet access for hundreds of thousands of users."

After years of focusing on personal computers, hackers have increasingly turned to the so-called Internet of Things: routers, storage devices, video recorders and other devices connected to the Internet, which usually do not run antivirus software and can often be accessed using default usernames and passwords.

In 2016, a network of approximately 300,000 infected devices caused widespread Internet disruption in the United States by launching a massive online attack against an Internet service provider.

Write to Robert McMillan at [email protected].

