3 easy steps to protect from VPNFilter malware
Syah Ismail
VPNFilter has been terrorising networks across the globe. It is malware designed to infect routers and certain network-attached storage devices. So far, it has been reported to have infected around 500,000 routers worldwide.
Therefore, it is vital that every precaution is taken to prevent this malware from stealing website credentials, exposing IoT device vulnerabilities, cutting off Internet connections, and potentially rendering devices completely unusable. On Meraki MX, this can be prevented in three easy steps.
1. Enabling AMP & Snort
Visit the Security appliance > Configure > Threat protection section. A few simple clicks allow you to enable AMP and set Snort IPS to ‘Prevention’ mode with the ‘Security’ ruleset. With Cisco Snort technologies enabled, the MX performs real-time traffic analysis and can generate alerts or take actions based on a constantly updated database of threat signatures. Snort has already updated and pushed out rulesets to allow identification and prevention of VPNFilter malware for Meraki MX users who have IPS enabled. IPS rulesets are updated every 24 hours and pushed out to the MX, constantly keeping you safe from new threats.
In addition to IPS, the MX’s integrated AMP technology can detect malware and block it from being downloaded on the network. AMP can also retroactively detect files that were already downloaded on the network and carry malicious markers. VPNFilter is known to infect networks by downloading files to the network from specific URLs. Fortunately, Cisco AMP has already updated its malware database with file hashes associated with VPNFilter and pushed these updates over the cloud to Meraki MX users with AMP enabled.
2. URL Blocking
Go to Security appliance > Content filtering to block the URLs listed in the Cisco Talos blog post.
3. Blocking nefarious IP addresses
Under Security appliance > Firewall you have the ability to deny traffic to all known IP addresses associated with VPNFilter malware, as listed by Cisco Talos. Meraki MX allows for intuitive URL blocking, as well as Layer 3 firewall rules to ban nefarious IP addresses. These capabilities play an integral role in keeping networks safe from malware.
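The URL and address lists used in steps 2 and 3 can be cleaned up in bulk before they are entered on the MX. The following is an added example, not code from the original post or from Cisco: it refangs, validates and de-duplicates a pasted indicator list and builds the deny rules and blocked URL patterns from it. The sample indicators are constructed (documentation ranges and example domains), and the field names assume the Meraki Dashboard API v1 L3 firewall rule and content filtering request bodies.

```python
import ipaddress
import json

# Constructed sample list (documentation ranges and example domains, not real
# indicators), defanged the way threat reports usually publish them.
SAMPLE = """\
# addresses
192.0.2[.]10
198.51.100.7
192.0.2.10
198.51.100.300
# urls
hxxp://bad.example[.]com/update/
files.example[.]net/img/a.jpg
not an indicator
"""

def parse_indicators(text):
    """Return (ips, url_patterns, rejected), refanged and de-duplicated."""
    ips, urls, rejected = [], [], []
    for raw in text.splitlines():
        line = raw.strip().replace("[.]", ".").replace("hxxp", "http")
        if not line or line.startswith("#"):
            continue
        pattern = line.split("://", 1)[-1].rstrip("/")  # filter matches host/path
        try:
            bucket, value = ips, str(ipaddress.IPv4Address(line))
        except ValueError:
            bucket, value = urls, pattern
            # A malformed address must not slip through as a URL pattern.
            if " " in value or "." not in value or value.replace(".", "").isdigit():
                bucket, value = rejected, raw.strip()
        if value not in bucket:
            bucket.append(value)
    return ips, urls, rejected

def build_payloads(ips, urls, tag="VPNFilter"):
    """Build request bodies (assumed Dashboard API v1 field names); sends nothing."""
    rules = [{"comment": f"{tag} indicator", "policy": "deny", "protocol": "any",
              "srcCidr": "Any", "srcPort": "Any", "destCidr": f"{ip}/32",
              "destPort": "Any", "syslogEnabled": False} for ip in ips]
    return {"rules": rules}, {"blockedUrlPatterns": urls}

if __name__ == "__main__":
    ips, urls, rejected = parse_indicators(SAMPLE)
    l3_body, filter_body = build_payloads(ips, urls)
    print(json.dumps(l3_body, indent=2))
    print(json.dumps(filter_body, indent=2))
    print("rejected:", rejected)
```

Nothing is sent to the dashboard. Review the rejected entries by hand, and because an API update is assumed to replace the existing list, merge these entries with the rules already on the MX before applying them.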