Security News

Routers at risk, Canadian chaos, and a Hidden Cobra

Avast Security News Team, 1 June 2018

The FBI chases down malware threats and Canada deals with its first major cyberattack on financial institutions.

FBI advises Americans to reset their routers

Last week, we reported how the FBI had seized a key domain to the botnet VPNFilter. That story continued yesterday when the Bureau publicly asked all US residents to reboot their routers. The advice comes with the knowledge that while VPNFilter can take control of a router, part of the malware can be easily kicked off the system with a simple reboot — turning the device off for a moment. This renders the malicious program harmless, though the router can be reinfected. To prevent that, users are also advised to make sure the router’s security is fully up to date and the password has been changed from the default to a suitably complex one. The malware attacks many kinds of routers, most notably Linksys, MikroTik, Netgear, and TP-Link. Each of those companies have posted further detailed instructions to combat VPNFilter on their websites.

Open ports left over 1,000 SingTel routers vulnerable

Over a thousand home Wi-Fi users in Singapore found themselves wide open to cyberattacks this week due to a security flub. The ISP SingTel remotely opened port 10,000 on their users’ routers to troubleshoot a Wi-Fi issue, and then forgot to close the ports when they were done. Fortunately, a third-party security researcher spotted the vulnerability before any damage seems to have been done, though motivated attackers could have gained full access and control of the devices had they seen the opportunity. The remote port opening was a result of SingTel resolving an issue with their own branded routers. The telecom company announced that they will ensure port forwarding is disabled following any troubleshooting moving forward.

90,000 Canadian bank customers hit by data breach

The Great White North suffered its first-ever substantial cyberattack on financial institutions this week when two banks, the Canadian Imperial Bank of Commerce (CIBC) and the Bank of Montreal, were contacted by cybercriminals claiming to have hacked into their systems. Data was reportedly compromised for 40,000 CIBC customers and 50,000 Bank of Montreal customers. An interesting component of this hack is that the perpetrators themselves brought it to public attention by alerting the banks and attempting to extort money in exchange for not selling the compromised data. This leads authorities to believe that the actual data stolen is not lucrative on its own. Both banks, however, are alarmed by the breaches and are looking into stronger cybersecurity.

More malware from North Korean hackers Hidden Cobra

US authorities have linked two more strains of malware to Hidden Cobra, the North Korean cybercrime contingent that has been active since 2009. IP addresses, as well as other clues, have led the FBI and Department of Homeland Security to suspect the cybergang uses the remote access tool Joanap and server message block worm Brambul. The two malwares deliver a one-two punch where Brambul burrows into the system to find data like usernames and passwords, and Joanap allows the hackers to use this info to run remote commands. Cybersecurity experts suspect Hidden Cobra is the group of villains behind last year’s WannaCry attack and 2014’s Sony Pictures hack. While most of these attacks target organizations, individual users who want to protect themselves are advised to update all security software and employ firewalls.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.