This article responds to concerns about the VPNFilter malware that has been attacking small office/home office (SOHO) routers. We have no reason to believe that Sophos UTM, Cyberoam UTM, and Sophos XG Firewall are affected by the VPNFilter malware. VPNFilter was created to directly target SOHO routers and other network appliances, including Internet of Things (IoT) devices such as NAS devices and IP cameras.
Applies to the following Sophos product(s) and version(s): Sophos UTM, Cyberoam, Sophos Firewall
Sophos recommends to:
Note: These steps are not required to protect Sophos appliances against VPNFilter. AV scanning can detect malware payloads downloaded to machines behind the UTM. IPS can detect attempted attacks hitting the firewall and against devices behind the IPS that are open to the internet.
IPS rules have been or are being deployed to all devices with the proper subscriptions. Please check below for the status of your device.