VPNFilter malware protection for FiOS routers

SOLVED
Gold Contributor VII
Gold Contributor VII
Posts: 4,772
Registered: ‎10-18-2016
Message 11 of 41
(8,831 Views)

@jhecht wrote:

The only legible identification on my router is "Fios Quantum Gateway". When I check the instruction manual, it says Verizon automatically handles all firmware updates, and there is no way for users to update. We need information from Verizon to clarify this.


Good luck. Greenwave makes the routers and does the firmware for Verizon.

Verizon Fios sends out updates when they feel the need.

You don’t need clarification from a customer helping customer forum.

1-800-VERIZON call them and see what they say. Choose tech support.

 

Contributor oldmoose
Contributor
Posts: 5
Registered: ‎10-02-2012

Is the FiOS Gateway router susceptible to this issue?

 

05/25/2018 02:22 PM EDT

 

Original release date: May 25, 2018
Systems Affected
  • Small office/home office (SOHO) routers
  • Networked devices
  • Network-attached storage (NAS) devices
Overview

Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.

DHS and FBI encourage SOHO router owners to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by email at CyWatch@fbi.gov. Each submitted report should include as much information as possible, specifically the date, time, location, type of activity, number of people, the type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Description

The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.

The malware uses a modular functionality on SOHO routers to collect intelligence, exploit LAN devices, and block actor-configurable network traffic. The malware can render a device inoperable, and has destructive functionality across routers, network-attached storage devices, and central processing unit (CPU) architectures running embedded Linux. The command and control mechanism implemented by the malware uses a combination of secure sockets layer (SSL) with client-side certificates for authentication and TOR protocols, complicating network traffic detection and analysis.

Impact

Negative consequences of VPNFilter malware infection include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Solution

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.

Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.

Rebooting affected devices will cause non-persistent portions of the malware to be removed from the system. Network defenders should ensure that first-stage malware is removed from the devices, and appropriate network-level blocking is in place prior to rebooting affected devices. This will ensure that second stage malware is not downloaded again after reboot.

While the paths at each stage of the malware can vary across device platforms, processes running with the name "vpnfilter" are almost certainly instances of the second stage malware. Terminating these processes and removing associated processes and persistent files that execute the second stage malware would likely remove this malware from targeted devices.

References

Revision History
  • May 25, 2018: Initial Version
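
The two host-side checks the quoted advisory describes (a process named "vpnfilter", and management services listening beyond the LAN), as an added example that is not part of the original post or the advisory. It assumes BusyBox-style `ps` and `netstat -tln` column layouts; the function names, sample output, addresses and path are constructed, and the port numbers (22, 23, 80, and 8291 for Winbox) are those services' usual defaults rather than values from the advisory.

```shell
#!/bin/sh
# Added example; sample data, path and addresses below are constructed.

# PIDs whose executable basename is exactly "vpnfilter".
# stdin: `ps` output, assumed BusyBox columns PID USER VSZ STAT COMMAND.
find_vpnfilter_pids() {
    awk 'NR > 1 {
        n = split($5, parts, "/")          # basename of the command path
        if (parts[n] == "vpnfilter") print $1
    }'
}

# Management ports (SSH 22, Telnet 23, HTTP 80, Winbox 8291; usual defaults,
# an assumption) listening on anything other than loopback or the LAN
# address passed as $1. stdin: `netstat -tln` output.
wan_mgmt_listeners() {
    awk -v lan="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        i = match($4, /:[0-9]+$/)          # last colon separates addr:port
        addr = substr($4, 1, i - 1); port = substr($4, i + 1)
        if (addr != lan && addr != "127.0.0.1" && port ~ /^(22|23|80|8291)$/) print port
    }'
}

SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      1520 S    /sbin/init
  412 root      1188 S    /usr/sbin/dropbear -p 22
  977 root      2304 S    /tmp/example/vpnfilter
 1033 root      1100 S    grep vpnfilter'

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.7:8291        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN'

# On a device, pipe the live commands in instead of the samples:
#   ps | find_vpnfilter_pids ; netstat -tln | wan_mgmt_listeners <LAN address>
echo "vpnfilter PIDs:"
printf '%s\n' "$SAMPLE_PS" | find_vpnfilter_pids
echo "management ports listening beyond the LAN address:"
printf '%s\n' "$SAMPLE_NETSTAT" | wan_mgmt_listeners 192.168.1.1
```

The exact-basename match keeps the `grep vpnfilter` line from being reported, and a wildcard bind (`0.0.0.0`) is reported because it includes the WAN interface.
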
Contributor bobdg
Contributor
Posts: 1
Registered: ‎05-28-2018
Message 13 of 41
(7,911 Views)

Can you amplify this comment a bit? 
I've had nothing but FIOS provided Actiontec routers since signing up for the service in 2007. I understand that Fios also provides the Greenwave Tech router and that the two companies (Greenwave Tech and Actiontec) are unrelated, but the way your responses are phrased makes it sound like there is no such thing as an Fios branded Actiontec router. Did Fios stop installing them recently?

MVP CRobGauth MVP
MVP
Posts: 7,707
Registered: ‎11-04-2008
Message 14 of 41
(7,884 Views)

The MI524 line of routers were made by Actiontec.
The latest Quantum routers are made by Greenwave.

I haven't seen any documentation that says either of these routers are susceptible to this issue.

Doesn't mean they aren't,  but no public info I have seen says they are.

If anyone can find info, it would be good to post here.


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
Contributor Squonk
Contributor
Posts: 2
Registered: ‎05-28-2018
Message 15 of 41
(7,646 Views)

I didn't see that Actiontec routers are subject to the malware virus.

 

Anyhow, can someone at Verizon confirm?

MVP CRobGauth MVP
MVP
Posts: 7,707
Registered: ‎11-04-2008
Message 16 of 41
(7,603 Views)

This is a peer to peer support forum.

Won't see a response from Verizon here.

If you have an Actiontec, you could try reaching out to them.


Contributor FamilyCTO
Contributor
Posts: 1
Registered: ‎05-28-2018
Message 17 of 41
(7,565 Views)

I was on the ActionTec support site and they say all updates for Verizon's routers will be handled by Verizon. ActionTec won't supply them.

Gold Contributor VII
Gold Contributor VII
Posts: 4,772
Registered: ‎10-18-2016
Message 18 of 41
(7,420 Views)

@FamilyCTO wrote:

I was on the ActionTec support site and they say all updates for Verizon's routers will be handled by Verizon. ActionTec won't supply them.


This is something I have repeated over and over on this forum.

Actiontec and Greenwave supply the updates to Verizon. Verizon sends them out if they desire or deem it necessary.

This is also the way Verizon Wireless did updates. When they were good and ready.

You can see they are doing the same on Fios. You want faster and better updates, buy a better router like an Asus or Netgear etc.

Contributor emz
Contributor
Posts: 1
Registered: ‎11-28-2013
Message 19 of 41
(6,222 Views)

I just asked tech support, but I think I was only dealing with first level. He told me that firmware is automatically downloaded, but couldn't tell me if any already has. He said there was nothing I could do on my end--it is automatic. I'm surprised there has been no public announcement to Verizon customers. So I don't know how concerned I should be.

Copper Contributor gailq
Copper Contributor
Posts: 6
Registered: ‎09-26-2009
Message 20 of 41
(5,487 Views)

The FBI recently issued a security notice warning that all home and small office routers should be rebooted after Cisco’s Talon group discovered sophisticated Russian-linked “VPNFilter” malware infecting at least 500,000 networking devices.

 

They also suggested a factory reset of the router and loading new firmware. Does Verizon FIOS have any guidelines on how to do that on the various Routers they provide with their service? I have a Router supplied to support the Quantum service.
