Hello, welcome to the Wednesday, March 23rd, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Yesterday, I already briefly talked about the statement by President Biden about the possible cyber attacks from Russia.

Well, wrote up some of the thoughts in a post this morning,

so nothing really that I didn't fundamentally mention in yesterday's podcast,

but if you want the little bit more elaborate written version, well, check

the link in the show notes.

And talking about Russia Cyclops Blink botnet that's commonly associated with the Russian

cyber gang Sandworm does now also go after Aces Routers.

Initially, it was more seen going after

watchguard firewalls, but looks like they're

now also expanding to some of the consumer products.

Aces now has come up with some guidance that you should follow if you believe that you got affected by this particular malware.

Essentially, what it comes down to is reset your router to factory settings.

Do apply the latest firmware and then make sure that you don't use the default password and that you

deactivate any remote access to the device, which should be the default setting and

typically requires the advanced settings in order to change it. It should have ever be noted that

the latest firmware doesn't necessarily fix the

vulnerability. That's still a little bit unclear what vulnerability or vulnerabilities are

actually being exploited here, but just disabling remote management should be sufficient in

order to prevent reinfection and installing the latest firmware is your best bet

in getting rid of any remnants of the matter. So even if your router is end of life and you

...