Important information on VPNFilter Attacks

by maurisy 05-23-2018 06:29 AM - edited 05-23-2018 08:42 AM

Situation:

On Wednesday, May 23, 2018, Cisco Talos released information about a modular malware system they are calling VPNFilter, detailing attacks against certain networking devices and network-attached storage (NAS) devices. As a member of the Cyber Threat Alliance (CTA), Palo Alto Networks received indicators and research from Cisco Talos so that we could move quickly to help counter this threat more broadly. This posting is meant to provide information for Palo Alto Networks customers on two primary questions:

  1. Whether these attacks affect any Palo Alto Networks devices.
  2. What protections Palo Alto Networks devices can provide against these attacks.

Status of Palo Alto Networks Devices

The Palo Alto Networks Product Security Incident Response Team (PSIRT) has an active investigation under way on this issue. At this time, we are not aware of any Palo Alto Networks devices that are affected by these attacks, but our investigation is continuing. As always, we will take appropriate steps to address any issues that our investigation should find.

 

Status of Protections Provided by Palo Alto Networks Devices

  • WildFire – All samples have been submitted to WildFire
  • AV – Signatures for all samples have been released with 2621-3117
  • PAN-DB – All associated URLs and IPs have been categorized as ‘Malware’

*Palo Alto Networks also recommends using App-ID policy in combination with EDLs to block ‘Tor’, which may be used as a C2 channel.

For any further questions, please contact support.paloaltonetworks.com.

 

-Thanks

Palo Alto Networks Customer Support

Comments
by Mt.103
2 weeks ago

Hi,

We are waiting for an update.

Is the PA device affected by these attacks, or not?

by soc.arca
a week ago

Is there any update regarding this issue?
