The FBI is warning of a new threat ^[1] to small office and home office (SOHO) network devices and network access shares (NAS). Cybercriminals have compromised tens of thousands of SOHO devices, including home routers.

A type of malware called VPNFilter is causing the damage. Once cybercriminals have gained access to one of these network devices through VPNFilter, they are able to view, modify, and steal data. In addition, reports suggest criminals have the ability to disable or destroy compromised devices as well.

Some common home and small office routing devices affected include:

• Linksys E1200, E2500, WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200, R6400, R7000, R8000, WNR1000 & WNR2000
• QNAP TS251, TS439 Pro
• TP-Link R600VPN

The threat may also affect the function of IoT devices (e.g., home security systems, thermostats) that are connected to SOHO devices.

There is currently no easy way to determine if a router has been infected.

If you own one of these devices, you should conduct a factory reset, which typically involves holding down a button in the back for five to 10 seconds. Additionally, the FBI recommends that all SOHO router owners reboot their devices to temporarily disrupt the malware.

Owners should change default passwords on devices and ensure those devices have the most up-to-date software versions, and where applicable disable remote administration. As always, follow any guidelines that are provided by your device’s manufacturer.

You may find more details by clicking on the links below:

• Alert from the U.S. Computer Emergency Readiness Team ^[2] (US-CERT)
• Symantec’s blog post ^[3] about the threat