The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends that Australian users of these devices take the following actions to protect themselves against this activity:
- Update your network devices to the latest available version of firmware. Updates are typically not automatic and users should visit the manufacturers website for specific information on how to apply updates.
- Disable network device management interfaces, such as Telnet, SSH, Winbox and HTTP/S, on WAN interfaces. If you require remote management of the router, ensure you use a complex password and a protocol that supports encrypted remote connections, such as SSH and HTTPS.
- Remember to change your router default log-in password during the initial setup.
The ACSC also encourages users and administrators to review the Cisco blog post on VPNFilter for additional information on the VPNFilter malware.