Threat Intelligence Report: VPNFilter Malware

Threat intelligence is an elusive concept. Cyber-security vendors have developed numerous definitions for it, based upon different procedural viewpoints. As a result, a key principle of threat intelligence is to explain the role it plays within cyber-security and network defence, while offering advice and best practice. This will equip the reader with a basic understanding of the benefits of threat intelligence and the importance of investing effort and resources into responding to it.

A definition of Threat Intelligence:
[It is] evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

Name of Exploit
VPNFilter

Type of Exploit
Malware, Command and Control, Hardware Hijacking, Credential Stealer

How Exploit is Spread
Infected devices scan the internet looking for other devices running older and unpatched firmware. The infected devices then use a range of public exploits or default credentials to access the target device and implant the malware on the victim’s router.

Global Risk
High – This malware particularly targets devices in Ukraine and Russia, but it has been reported that more than 500,000 devices in over 54 countries have been infected. As a multi-platform and multi-phase exploit, the malware has a diverse range of capabilities, which include credential stealing, traffic injection and rendering the device unusable.

Download the full report
