The FBI chases down malware threats and Canada deals with its first major cyberattack on financial institutions.
Last week, we reported how the FBI had seized a key domain to the botnet VPNFilter. That story continued yesterday when the Bureau publicly asked all US residents to reboot their routers. The advice comes with the knowledge that while VPNFilter can take control of a router, part of the malware can be easily kicked off the system with a simple reboot — turning the device off for a moment. This renders the malicious program harmless, though the router can be reinfected. To prevent that, users are also advised to make sure the router’s security updates are fully applied and that the password has been changed from the default to a suitably complex one. The malware attacks many kinds of routers, most notably Linksys, MikroTik, Netgear, and TP-Link. Each of those companies has posted further detailed instructions for combating VPNFilter on its website.
Over a thousand home Wi-Fi users in Singapore found themselves wide open to cyberattacks this week due to a security flub. The ISP SingTel remotely opened port 10000 on its users’ routers to troubleshoot a Wi-Fi issue, and then forgot to close the port when the work was done. Fortunately, a third-party security researcher spotted the exposure before any damage appears to have been done, though motivated attackers could have gained full access to and control of the devices had they seen the opportunity. The remote port opening was a result of SingTel resolving an issue with its own branded routers. The telecom company announced that it will ensure port forwarding is disabled following any troubleshooting moving forward.
The Great White North suffered its first-ever substantial cyberattack on financial institutions this week when two banks, the Canadian Imperial Bank of Commerce (CIBC) and the Bank of Montreal, were contacted by cybercriminals claiming to have hacked into their systems. Data was reportedly compromised for 40,000 CIBC customers and 50,000 Bank of Montreal customers. An interesting component of this hack is that the perpetrators themselves brought it to public attention by alerting the banks and attempting to extort money in exchange for not selling the compromised data. This leads authorities to believe that the actual data stolen is not lucrative on its own. Both banks, however, are alarmed by the breaches and are looking into stronger cybersecurity.
US authorities have linked two more strains of malware to Hidden Cobra, the North Korean cybercrime contingent that has been active since 2009. IP addresses, as well as other clues, have led the FBI and Department of Homeland Security to suspect the cybergang uses the remote access tool Joanap and the Server Message Block (SMB) worm Brambul. The two pieces of malware deliver a one-two punch: Brambul burrows into the system to find data like usernames and passwords, and Joanap allows the hackers to use this information to run remote commands. Cybersecurity experts suspect Hidden Cobra is the group behind last year’s WannaCry attack and 2014’s Sony Pictures hack. While most of these attacks target organizations, individual users who want to protect themselves are advised to update all security software and employ firewalls.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.