FBI Router Reboot Recommendation


By: Chuck Davis

@ckdiii

www.ckd3.com

As I am sure you have heard, the FBI is recommending that anyone with a home or small office router reboot it. If you are not familiar with this FBI recommendation, there are a few links at the end to get you up to speed.

The reason for the FBI's reboot recommendation is that a piece of malware, named VPNFilter, has infected hundreds of thousands of routers all across the Internet. Rebooting an infected router forces the malware to reload, which initiates an attempted connection to its command and control (C&C) servers. The FBI has already taken control of some, if not all, of the C&C servers, so reloading the malware does two things.

  1. It will flush it from actively running on your router.
  2. When an infected router tries to connect to the C&C servers (now taken over by the FBI), it lets the FBI know which, and how many, systems are infected.

An alternative, and possibly better, solution is to reset your router to factory defaults and then set it up again as if it were new. This is usually accomplished by pushing a recessed button on the router with a paperclip. Check your router documentation to learn how to do this.

ROUTER SET UP STEPS

Be sure you do the following things when you set up any small office/home office (SOHO) router.

  1. Change the default administration password to something long and strong, such as a passphrase or sentence, e.g. "My passphrase is 100x better than yours!" (Yes, you can likely use spaces in your passphrase.)
  2. Change the default SSID. You don't need to make it difficult, just unique. Hackers love default values, so make sure you change it, e.g. from "Netgear" to "StreetNet100". Stay away from a name that identifies you.
  3. Change the default wifi password. This is the password that devices need to know to join your wireless network.
  4. Use WPA2. WPA2 is the standard for encrypting WiFi connections. Never use "no encryption", WEP or WPA.
  5. Upgrade your router firmware!!!
  6. Turn off remote administration. You likely do not need to log into your router from the Internet, so turn it off.
  7. Turn off Wi-Fi Protected Setup (WPS). This makes it push-button easy to add devices to your wifi router. It's also super easy to hack!
  8. DNS: If you are feeling bold and ambitious, you can change the DNS that your router uses (and the devices that connect to it) to something that adds some security features. By default, your router will use your ISP's DNS. However, you can change it to anything you want. I would recommend 9.9.9.9 because it filters out known malware servers, and/or 1.1.1.1 and 1.0.0.1, which are fast and promote privacy (links below to learn more).
  9. Disable Universal Plug and Play (UPnP) unless you know you need it; in any case, make sure it is not accessible from the Internet.
  10. Once you are done with all of this, run the ShieldsUp! tool to see if your router looks to be vulnerable from the outside. https://www.grc.com/shieldsup
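
The checklist above expressed as an audit over an exported router configuration, as an added example that is not part of the original post. The dictionary field names are assumptions, since every vendor exposes these settings differently through its own admin UI, and the two sample configurations are constructed.

```python
# Configuration audit for the SOHO router checklist above (added example,
# not from the original post). The dict field names are assumptions: real
# routers expose these settings only through their own admin UI.
SAFE_RESOLVERS = {"9.9.9.9", "1.1.1.1", "1.0.0.1"}  # resolvers named in the post
DEFAULT_SSID_PREFIXES = ("netgear", "linksys", "dlink", "tp-link")  # assumed


def audit(cfg: dict) -> list:
    """Return the checklist items the configuration fails, as short codes."""
    findings = []
    pw = cfg.get("admin_password", "")
    # step 1: long and strong; the post's sample passphrase is 40 characters
    if len(pw) < 16 or pw.lower() in {"admin", "password"}:
        findings.append("weak_admin_password")
    if cfg.get("ssid", "").lower().startswith(DEFAULT_SSID_PREFIXES):  # step 2
        findings.append("default_ssid")
    wifi_pw = cfg.get("wifi_password", "")
    if len(wifi_pw) < 12 or wifi_pw == pw:  # step 3: distinct from admin password
        findings.append("weak_wifi_password")
    if cfg.get("wifi_security") != "WPA2":  # step 4: never open, WEP or WPA
        findings.append("wifi_not_wpa2")
    if cfg.get("firmware_update_available"):  # step 5
        findings.append("firmware_outdated")
    if cfg.get("remote_admin"):  # step 6
        findings.append("remote_admin_enabled")
    if cfg.get("wps"):  # step 7
        findings.append("wps_enabled")
    if not set(cfg.get("dns", [])) <= SAFE_RESOLVERS:  # step 8 (optional hardening)
        findings.append("dns_not_filtering")
    if cfg.get("upnp_wan"):  # step 9: UPnP reachable from the Internet
        findings.append("upnp_reachable_from_wan")
    return findings


# Constructed sample configs: factory-style defaults vs. the hardened result.
# 192.0.2.53 is a documentation address standing in for an ISP resolver.
FACTORY = {"admin_password": "admin", "ssid": "NETGEAR42", "wifi_password": "admin",
           "wifi_security": "WEP", "firmware_update_available": True,
           "remote_admin": True, "wps": True, "dns": ["192.0.2.53"], "upnp_wan": True}
HARDENED = {"admin_password": "My passphrase is 100x better than yours!",
            "ssid": "StreetNet100", "wifi_password": "correct horse battery staple",
            "wifi_security": "WPA2", "firmware_update_available": False,
            "remote_admin": False, "wps": False, "dns": ["9.9.9.9", "1.1.1.1"],
            "upnp_wan": False}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "passes all checks")
```

The audit only reads values you copy out of the router's admin pages; it cannot replace the outside-in check that ShieldsUp! performs in step 10.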

BONUS TIP: For those of you who are a bit more adventurous and/or paranoid, you might try the three router configuration for your home network. This is where you put two routers behind your main router. One is for IoT devices and the other is for your computers, phones, backup drives, etc. This architecture creates network segmentation between the IoT devices and the devices that hold your data.

If you are in the market for a new router, I would recommend the Amplifi router for most people. https://amplifi.com/ 

References:

https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/

https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html

https://www.pcmag.com/news/361373/malware-that-can-brick-wi-fi-routers-hits-500-000-devices 

https://1.1.1.1/

https://www.quad9.net/

https://www.grc.com/shieldsup 

Anatomy of a Phishing Attack

Phishing is the use of social engineering to obtain personal information for the purposes of identity theft. Phishing typically comes in the form of an email, disguised to look as if it was sent by a trusted source, and requesting personal information or authentication credentials.

As the tools to detect phishing become more effective, the phishing attacks themselves are becoming increasingly advanced and more difficult to identify.

This paper will show how a recent phishing attack, from October 31, 2012, is representative of the type of attack that is not detected by spam filters and is likely to trick many recipients.