The FBI chases down malware threats and Canada deals with its first major cyberattack on financial institutions.
Open ports left over 1,000 SingTel routers vulnerable
Over a thousand home Wi-Fi users in Singapore found themselves wide open to cyberattacks this week due to a security flub. The ISP SingTel remotely opened port 10,000 on their users’ routers to troubleshoot a Wi-Fi issue, and then forgot to close the ports when they were done. Fortunately, a third-party security researcher spotted the vulnerability before any damage seems to have been done, though motivated attackers could have gained full access and control of the devices had they seen the opportunity. The remote port opening was a result of SingTel resolving an issue with their own branded routers. The telecom company announced that they will ensure port forwarding is disabled following any troubleshooting moving forward.
90,000 Canadian bank customers hit by data breach
The Great White North suffered its first-ever substantial cyberattack on financial institutions this week when two banks, the Canadian Imperial Bank of Commerce (CIBC) and the Bank of Montreal, were contacted by cybercriminals claiming to have hacked into their systems. Data was reportedly compromised for 40,000 CIBC customers and 50,000 Bank of Montreal customers. An interesting component of this hack is that the perpetrators themselves brought it to public attention by alerting the banks and attempting to extort money in exchange for not selling the compromised data. This leads authorities to believe that the actual data stolen is not lucrative on its own. Both banks, however, are alarmed by the breaches and are looking into stronger cybersecurity.
More malware from North Korean hackers Hidden Cobra
US authorities have linked two more strains of malware to Hidden Cobra, the North Korean cybercrime contingent that has been active since 2009. IP addresses, as well as other clues, have led the FBI and Department of Homeland Security to suspect the cybergang uses the remote access tool Joanap and server message block worm Brambul. The two malwares deliver a one-two punch where Brambul burrows into the system to find data like usernames and passwords, and Joanap allows the hackers to use this info to run remote commands. Cybersecurity experts suspect Hidden Cobra is the group of villains behind last year’s WannaCry attack and 2014’s Sony Pictures hack. While most of these attacks target organizations, individual users who want to protect themselves are advised to update all security software and employ firewalls.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com.