VPNFilter ft. Bryon Singh, RailWorks Corporation


By Steve Gold
Posted in Security
On April 03, 2024

If you think hackers are only trying to get to your Windows machines, well, you’re wrong. In May 2018, the cybersecurity world was rocked by the discovery of VPNFilter, a highly sophisticated and destructive piece of malware that targeted routers and network-attached storage devices across the globe. Identified by Cisco's Talos Intelligence Group, VPNFilter highlighted a critical vulnerability in the very backbone of our internet infrastructure, affecting devices from well-known manufacturers, including Linksys, MikroTik, NETGEAR, and TP-Link, among others. This malware not only compromised the privacy and security of countless internet users, but also served as a stark reminder of the importance of keeping network infrastructure up-to-date.

VPNFilter was not a run-of-the-mill malware. It exhibited complex capabilities, including data theft, device exploitation for coordinated attacks, and the potential to render infected devices completely inoperable. Its persistence across device reboots—a feature not commonly seen in router-based malware—made it particularly menacing. With the ability to infect over half a million devices worldwide, VPNFilter underscored the global nature of cybersecurity threats and the ease with which outdated systems can be exploited.

The VPNFilter malware served as a wake-up call to the world about the vulnerabilities in network infrastructure and the catastrophic potential of sophisticated malware. It reinforced a fundamental cybersecurity principle: the need to keep network infrastructure up-to-date.

Outdated network infrastructure is like a creaky old door: an entry point just waiting for cybercriminals to exploit. CIS Safeguard 12.1 stresses the importance of keeping your network devices up to date.

Consider the following:

  • Security Patching: Regular software updates for routers, switches, firewalls, and other devices are crucial for fixing security vulnerabilities. Neglecting updates leaves you exposed to potential threats.
  • Enhanced Security: Updates often introduce new security features that strengthen defenses and deter cyber attackers.
  • Improved Performance: Updates not only address security issues but also enhance device performance, ensuring smooth and reliable network operations.

Action Steps:

  • Conduct Inventory: Maintain an updated inventory of network devices to ensure all are accounted for.
  • Develop a Patching Plan: Establish a systematic patching schedule, prioritizing critical systems for immediate attention.
  • Test and Automate: Test updates in a controlled environment before deployment and consider implementing automation tools to streamline the patching process.

Unfortunately, the fine folks at the Center for Internet Security have not completed this policy template. Feel free to join the CIS Controls Community to see how you can help.

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 12 – Network Infrastructure Management

Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.

Implementation Group 1

CIS Safeguard 12.1 - Ensure Network Infrastructure is Up-to-Date

Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
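The Action Steps above (inventory, patching plan, automation) and the monthly review that Safeguard 12.1 calls for can be turned into a small script. The example below is added here and is not code from the article or from CIS: it runs a constructed inventory of network devices against a constructed vendor support table, classifies each device as current, outdated, unsupported or unknown, and sorts the result into patching order with critical devices first. Vendor names, models, hostnames and version numbers are all made up, and version comparison assumes dotted numeric versions.

```python
# Added example (not from the article or from CIS): a monthly network-device
# version review implementing the "Conduct Inventory" and "Develop a Patching
# Plan" steps and the Safeguard 12.1 monthly check. All vendors, models,
# hostnames and versions below are constructed.
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Device:
    hostname: str
    vendor: str
    model: str
    running_version: str
    critical: bool  # True for perimeter/core devices that get patched first


# Constructed vendor support data: (vendor, model) -> latest stable release and
# whether the vendor still supports the model. In practice this comes from
# vendor advisories, release notes, or a NaaS provider's support matrix.
SUPPORT_TABLE = {
    ("ExampleNet", "ER-1000"): {"latest": "2.10.3", "supported": True},
    ("ExampleNet", "ER-500"):  {"latest": "1.8.4",  "supported": False},  # end of support
    ("SwitchCo",   "S24"):     {"latest": "5.2.0",  "supported": True},
}

# Constructed inventory: the output of the "Conduct Inventory" step.
INVENTORY = [
    Device("edge-rtr-1", "ExampleNet", "ER-1000", "2.9.7",  True),
    Device("edge-rtr-2", "ExampleNet", "ER-1000", "2.10.3", True),
    Device("branch-rtr", "ExampleNet", "ER-500",  "1.8.4",  False),
    Device("core-sw-1",  "SwitchCo",   "S24",     "5.10.1", True),   # ahead of the table
    Device("lab-nas",    "StorageInc", "NAS-2",   "3.0.0",  False),  # model not in the table
]


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints so that 2.10 > 2.9.
    Assumes numeric dotted versions; a suffix such as '-rc1' is ignored."""
    core = version.split("-")[0]
    return tuple(int(part) for part in re.findall(r"\d+", core))


def classify(device: Device) -> str:
    """Status of one device against the support table."""
    entry = SUPPORT_TABLE.get((device.vendor, device.model))
    if entry is None:
        return "UNKNOWN"      # inventory gap: no support data, investigate
    if not entry["supported"]:
        return "UNSUPPORTED"  # vendor ships no more fixes: replace or move to NaaS
    if parse_version(device.running_version) < parse_version(entry["latest"]):
        return "OUTDATED"
    return "CURRENT"


# Lower rank = handle sooner; within a rank, critical devices come first.
STATUS_RANK = {"UNSUPPORTED": 0, "UNKNOWN": 1, "OUTDATED": 2, "CURRENT": 3}


def review(inventory) -> list:
    """The monthly review: every device with its status, in patching-plan order."""
    findings = []
    for device in inventory:
        entry = SUPPORT_TABLE.get((device.vendor, device.model), {})
        findings.append({
            "hostname": device.hostname,
            "status": classify(device),
            "running": device.running_version,
            "latest": entry.get("latest", "n/a"),
            "critical": device.critical,
        })
    findings.sort(key=lambda f: (STATUS_RANK[f["status"]], not f["critical"], f["hostname"]))
    return findings


def needs_action(inventory) -> list:
    """Hostnames that must appear in this month's patching plan."""
    return [f["hostname"] for f in review(inventory) if f["status"] != "CURRENT"]


if __name__ == "__main__":
    for f in review(INVENTORY):
        flag = "CRITICAL" if f["critical"] else "        "
        print(f"{f['status']:<11} {flag} {f['hostname']:<12} running {f['running']:<7} latest {f['latest']}")
```

Running the script prints the unsupported branch router first, then the device with no support data, then the outdated critical edge router, and finally the two current devices. The tuple comparison in `parse_version` matters: comparing "2.10.3" and "2.9.7" as strings would wrongly report the newer release as older. Feeding the script from a real CMDB export and a vendor advisory feed is the "Test and Automate" step.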

Steve Gold


Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies, such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.