The router vulnerability that lingered for years, and more news of the week

TechCrunch reported that the Chinese company TP-Link had not addressed a vulnerability in its routers first discovered in 2017.

This week TechCrunch reported that the Chinese company TP-Link had not addressed a vulnerability in its routers first discovered in 2017. The issue allows hackers to remotely take control of the routers by guessing weak default passwords that come with the devices. TechCrunch said the company falsely claimed to have patched the issue, but only included it in its list of system updates after the news site reached out.

Router vulnerabilities can allow access to entire networks, as happened in the massive Mirai botnet attacks of 2016. New research from Avast reveals that some 30% of TP-Link routers exhibit weak HTTP credentials. Nearly all use admin/admin to log in. Interestingly, the number of TP-Link routers with guessable passwords varies greatly across regions. For example, only 6% of TP-Link routers in North America have weak passwords while around 45% do in South and Central Asia, and East and South Europe. We will report more on the Avast IoT research soon.

This week's stats

Online scammers generated a list of 50,000 top executives to target in email fraud schemes, ZDNet reported. With losses of over $1.2 billion, email compromise is the most costly form of cybercrime, the FBI told the Avast blog.

Baltimore’s slow ransomware recovery

The city of Baltimore is gradually getting municipal services back up and running after a ransomware attack paralyzed operations earlier this month. On May 7, city officials found their servers had been hit with RobbinHood ransomware, an aggressive malware that froze about 10,000 government computers, causing mass chaos in the areas of public health systems, utility payment networks, and real estate transactions. The mayor’s office commented early on that it would not be paying the $76,000 ransom demand. Instead, Baltimore authorities have been working with the FBI to investigate the attack.

Officials are not sharing details about the state of the recovery since the investigation is ongoing, but they do report that workarounds have been put in place to temporarily process real estate payments and other city services again. “We’re getting back to a place where operations, while different, are at normal levels of service,” commented Baltimore Deputy Chief of Staff Sheryl Goldstein. Goldstein noted that Atlanta suffered a similar cyberattack last year, resulting in over six months of recovery time. “It is preferable for us to be safe and do it right than do it fast,” she said.

Government IT worker arrested for cryptomining

The Australian Federal Police (AFP) arrested a government IT contractor in Sydney for running a shadow cryptomining scheme using government computers. He “abused his position as an IT contractor to manipulate programs to use the processing power of the agency’s computer network for cryptocurrency mining,” reported the AFP. Authorities believe the IT contractor made about $9,000 in profits from the illegal cryptomining.

Technically, the contractor is being charged on two counts: the unauthorized modification of data to cause impairment and the unauthorized modification of restricted data. In order to execute the cryptomining operation without being detected, the contractor would have had to adjust security settings, rendering the entire network he was using more vulnerable than it otherwise would have been. If convicted, the alleged cryptominer could receive up to 12 years in prison.

This week's quote

“Some of our more intricate systems may take months in the recovery process.” – Baltimore Mayor Bernard C. "Jack" Young, on the city’s recovery from ransomware

Phishing kit phishes the phishers

A phishing kit being sold on the dark web has been found to contain a backdoor that allows the malware developer to steal from his or her own cybercriminal customers. The 16Shop phishing kit is a sophisticated malware that supports 10 languages and attacks both desktop and mobile victims. SC Media reported that cybersecurity researchers studying the code of the malware discovered an obfuscated snippet of code that surreptitiously set up a backdoor within the program. In addition to the secret backdoor, researchers learned that stolen info is also sent to a specific Telegram bot, believed to belong to 16Shop’s creator. Ironically, while the malware developer may feel entitled to all the spoils captured by 16Shop, he or she built the phishing malware with a protection code that keeps it from being copied or run without a proper paid license.

Facial recognition tech tested on Melbourne students

Professional services provider Genix Ventures has installed NeoFace facial recognition software into testing facilities that provide English-language tests for healthcare professionals looking to work in an English-speaking territory, ZDNet reported. The point of the NeoFace tech is to guarantee that test-takers are always the enrolled students they’re supposed to be and not impersonators helping students cheat. The facial recognition tech will be deployed at the beginning of the test and then at random intervals throughout.

NEC Australia, developers of NeoFace, have already launched facial recognition tools around the globe, including in the country of Georgia, in a Japanese international airport, and across various territories in Australia.

This week's 'must-read' on The Avast Blog

Call it The Case of the $200,000 Typo. A one-keystroke misspelling was the only clue to a business email scam that swiped a money transfer of a down payment from a home buyer. The FBI told the Avast blog about this case – an example of the costliest kind of cybercrime.


