
WatchGuard firewall admins warned that new malware targets the devices

By Howard Solomon
March 21, 2022

Administrators of WatchGuard firewalls are being warned to search for signs of compromise on the devices after the publication of a report of malware distributed by a threat group believed to be run by Russian army intelligence.

The report, issued this week by U.S. and U.K. cyber intelligence agencies, said the group known as Sandworm (also called APT28, or Voodoo Bear by some researchers) has been quietly deploying what has been dubbed Cyclops Blink malware through a botnet of exploited network devices including small office/home office (SOHO) routers and network-attached storage (NAS) devices.

Cyclops Blink is a replacement for similar malware called VPNFilter.

VPNFilter and its botnet were exposed in 2018 by researchers at Cisco Systems’ Talos threat intelligence service. The U.S. Justice Department then announced an effort to disrupt VPNFilter and what it called a global botnet of hundreds of thousands of infected home and office (SOHO) routers and other networked devices.

According to the new U.S./U.K. report, Cyclops Blink has been deployed since at least June 2019, 14 months after VPNFilter was disrupted.

“In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread,” the report adds. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” Only WatchGuard devices that were reconfigured from the manufacturer’s default settings to open remote management interfaces to external access could be infected, the report says.

The report calls the malware sophisticated and modular, with basic core functionality to beacon device information back to a server and enable files to be downloaded and executed. After initial exploitation of a device, Cyclops Blink is generally deployed as part of a fake firmware update.

The report says WatchGuard has created tooling and guidance to enable detection and removal of Cyclops Blink on WatchGuard devices through a non-standard upgrade process. Device owners should follow each step in these instructions to ensure that devices are patched to the latest version and that any infection is removed.

WatchGuard said that, based on its own investigation, work done with Mandiant, and information provided by the FBI, there is no evidence of data exfiltration from WatchGuard or its customers. WatchGuard firewall appliances are not at risk if they were never configured to allow unrestricted management access from the Internet, it adds.

Because Cyclops Blink can be reconfigured to attack many devices, the intelligence agencies issued the following advice to IT administrators, which applies to protecting against any malware:

  • do not expose management interfaces of network devices to the internet;
  • apply security patches promptly;
  • use multi-factor authentication on network devices to reduce the impact of password compromises;
  • tell staff how to report suspected phishing emails;
  • set up a network security monitoring capability;
  • prevent and detect lateral movement in your organization’s network.
The post WatchGuard firewall admins warned that new malware targets the devices first appeared on IT World Canada.