Cisco Warns of Huge Hacked Network Primed for Cyberattacks

Cisco Systems and U.S. and Ukrainian authorities have warned that a network of half a million routers and storage devices has been hacked and is capable of a massive cyberattack. Security researchers said that the attack could take place during soccer’s UEFA Champions League’s final match on Saturday in Kiev. The devices, in 54 countries, are infected with VPNFilter malware that can shut them down, said Cisco security researcher Craig Williams. The U.S. government is working to reclaim control of the infected servers.

The Wall Street Journal reports that, according to Williams, “the network had grown quietly since 2016 but expanded rapidly within Ukraine around May 8, with systems in the country now making up about half of the infected machines on the network.”

Cyber_Security_Graphic

Previously, Ukraine blamed Russia “for a wave of disruptive cyberattacks that have shut down electricity and hacked computers across the country over the past three years,” including the Petya computer virus last year. U.S. and U.K. authorities also blamed Russia for that Petya attack. Williams said that this current hacked network may be connected to these previous incidents but “it is far from 100 percent certain.”

VPNFilter installs software “that can steal sensitive information from the network such as passwords or even data on power plants or factory-floor computers,” meaning any such attacks are possible. After an attack, the hackers can wipe out the software, “effectively leaving hundreds of thousands of people without Internet access,” said Williams.

“The reality is, this attacker has limitless options,” he said. VPNFilter malware can affect some Linksys, Netgear, MicroTik and TP-Link Technologies routers, and QNAP Systems storage devices.

Reuters reports that, “a federal judge in Pennsylvania gave the FBI permission to seize an Internet domain that authorities charge a Russian hacking group known as Sofacy was using to control infected devices.” With the order, they can “direct the devices to communicate with an FBI-controlled server, which will be used to query location to pass on to authorities around the globe who can remove malware from infected equipment.”

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” said assistant attorney general for national security John Demers.

After releasing its report, “Cisco shared technical details with the United States and Ukraine governments as well as rivals who sell security software, hardware and services.” So far, “Netgear and Linksys advised customers to make sure their routers are patched with the latest version of its firmware.” Russia has denied that it runs a global hacking program.

Related:
U.S. Seeks to Take Control of Infected Routers From Hackers, Reuters, 5/23/18