|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-01-24 | |
| Rule Name: | Tool VPNFilter Detection - SSL Certificate Check | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | VPNFilter is a type of malware that primarily targets network routers and embedded networking devices. Discovered in 2018, this malware aims to infect and control a large number of routers globally for the purpose of conducting network attacks and data theft. This rule is used to detect the behavior of the VPNFilter to probe the SSL Certificate. | |
| Impact: | Attackers use attack tools to attack targets, which can lead to data leakage, service interruption, system crash, data tampering, and illegal access. | |
| Affected OS: | Network Device | |
| Reference: | https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware https://blogs.cisco.com/security/talos/vpnfilter |
|
| Solutions |
|---|
| 1. Scan the server file system to ensure that there are no hacker tools and related malicious files. 2. Complete system backup to ensure server data security. 3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists. |