FBI Issues Cyber Attack Warning to US Businesses

Posted May 25, 2018 by Brian Downey


On Friday, the FBI issued a formal warning about a cyber attack that has the potential to compromise hundreds of thousands of home and small office routers worldwide.

As an MSP servicing small- and medium-sized businesses, your clients could be affected. This post will cover what MSPs need to know about this cyber attack warning, as well as how you should handle the issue with your clients.

The Potential Threat

The FBI issued a warning about a new type of malware, known as VPNFilter, that targets consumer-grade routers manufactured by Linksys, Netgear, MikroTik, and TP-Link, as well as QNAP network-attached storage devices. The malware is very difficult to detect because these devices do not generally include native security software and are directly connected to the Internet. As of now, the analysis of the malware is preliminary in nature, and the complete list of impacted devices is not yet known.

Defensive Measures

To defend against this potential attack, here is what the FBI recommends, taken from their PSA alert issued on Friday, May 25:

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

In general, the following steps should be taken for network devices and routers, even if they are not known to be vulnerable to VPNFilter:

  1. Ensure that the default login credentials for the device have been changed
  2. Verify that the ability to remotely manage the device is either disabled or restricted to trusted IP addresses
  3. Update the device to the latest version of firmware available from the manufacturer
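The three checks above, run across a client device inventory, as an added example that is not part of the original post. The inventory fields, device names, firmware versions and trusted management range are all constructed for illustration; a real run would read them from whatever documentation or RMM export the MSP maintains.

```python
import ipaddress

# Constructed sample inventory (hypothetical export; field names are assumptions).
INVENTORY = [
    {"name": "client-a-rtr", "default_creds_changed": True, "remote_mgmt": True,
     "mgmt_allow": ["203.0.113.10/32"], "firmware": "1.0.9", "latest": "1.0.11"},
    {"name": "client-b-rtr", "default_creds_changed": False, "remote_mgmt": True,
     "mgmt_allow": ["0.0.0.0/0"], "firmware": "2.4.1", "latest": "2.4.1"},
    {"name": "client-c-nas", "default_creds_changed": True, "remote_mgmt": False,
     "mgmt_allow": [], "firmware": "4.3.4", "latest": "4.3.4"},
]

# Assumption: the MSP's own management range (a documentation address block).
TRUSTED = [ipaddress.ip_network("203.0.113.0/28")]

def version_tuple(v):
    """Turn '1.0.11' into (1, 0, 11) so that 1.0.9 < 1.0.11 compares numerically."""
    return tuple(int(p) for p in v.split("."))

def mgmt_restricted(allow):
    """True only if every allowed source range sits inside a trusted network."""
    if not allow:
        return False  # remote management on with no allow-list is open to any source
    nets = [ipaddress.ip_network(a, strict=False) for a in allow]
    return all(any(n.version == t.version and n.subnet_of(t) for t in TRUSTED)
               for n in nets)

def audit(device):
    """Return the checklist items this device fails (empty list means it passes)."""
    findings = []
    if not device["default_creds_changed"]:
        findings.append("default credentials still in use")
    if device["remote_mgmt"] and not mgmt_restricted(device["mgmt_allow"]):
        findings.append("remote management not restricted to trusted IPs")
    if version_tuple(device["firmware"]) < version_tuple(device["latest"]):
        findings.append("firmware out of date")
    return findings

def audit_all(inventory):
    """Map each device name to its list of findings."""
    return {d["name"]: audit(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
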

The MSP Takeaway

With the exposure of this threat actor, and the fact that law enforcement has seized the infrastructure used to carry out and control this malware, the likelihood of a destructive attack being carried out is low. As an MSP, however, you should personally take (or prompt clients to take) the steps listed above for all network devices, even if they are not explicitly named in the advisories. Unless you mitigate the original vulnerabilities, there will be nothing stopping a different threat actor from launching a similar attack campaign.

If you or your clients have reason to believe a network device has been infected, contact the manufacturer for specific steps to remediate the issue. In general, a reset of the device back to the factory default settings and/or a firmware update will be required to remove the malware, so be sure to make note of any configuration parameters prior to performing the remediation.

We will continue to update this story as it develops.

As Senior Director of Product Management at Continuum, Brian is responsible for the overall security solution strategy. He has spent the past 15 years in various product and business strategy roles at several of the world’s most successful technology companies, most recently driving the initial creation and introduction of BMC Software’s new security product line. Brian is passionate about developing and delivering solutions that allow small- and medium-sized businesses to effectively secure their environments. Brian has a computer science degree from University of Massachusetts Amherst, an M.B.A. from Babson College and is currently finishing his Doctorate in Business Administration from Temple University. Brian lives just outside Boston with his wife and three kids between the ages of three and seven.
