27 May 19, 08:21
This week TechCrunch reported that the Chinese company TP-Link had not addressed a vulnerability in its routers first discovered in 2017. The issue allows hackers to remotely take control of the routers by guessing weak default passwords that come with the devices. TechCrunch said the company falsely claimed to have patched the issue, but only included it in its list of system updates after the news site reached out.
Router vulnerabilities can allow access to entire networks, as happened in the massive Mirai botnet attacks of 2016. New research from Avast reveals that some 30% of TP-Link routers exhibit weak HTTP credentials. Nearly all use admin/admin to log in. Interestingly, the number of TP-Link routers with guessable passwords varies greatly across regions. For example, only 6% of TP-Link routers in North America have weak passwords while around 45% do in South and Central Asia, and East and South Europe. We will report more on the Avast IoT research soon.
This week's stats
Online scammers generated a list of 50,000 top executives to target in email fraud schemes, ZDNet reported. With losses of over $1.2 billion, email compromise is the most costly form of cybercrime, the FBI told the Avast blog.
Baltimore’s slow ransomware recovery
The city of Baltimore is gradually getting municipal services back up and running after a ransomware attack paralyzed operations earlier this month. On May 7, city officials found their servers had been hit with RobbinHood ransomware, an aggressive malware that froze about 10,000 government computers, causing mass chaos in the areas of public health systems, utility payment networks, and real estate transactions. The mayor’s office commented early on that it would not be paying the $76,000 ransom demand. Instead, Baltimore authorities have been working with the FBI to investigate the attack.
Officials are not sharing details about the state of the recovery since the investigation is ongoing, but they do report that workarounds have been put in place to temporarily process real estate payments and other city services again. “We’re getting back to a place where operations, while different, are at normal levels of service,” commented Baltimore Deputy Chief of Staff Sheryl Goldstein. Goldstein noted that Atlanta suffered a similar cyberattack last year, resulting in over six months of recovery time. “It is preferable for us to be safe and do it right than do it fast,” she said.
Government IT worker arrested for cryptomining
The Australian Federal Police (AFP) arrested a government IT contractor in Sydney for running a shadow cryptomining scheme using government computers. He “abused his position as an IT contractor to manipulate programs to use the processing power of the agency’s computer network for cryptocurrency mining,” reported the AFP. Authorities believe the IT contractor made about $9,000 in profits from the illegal cryptomining.
Technically, the contractor is being charged on two counts: the unauthorized modification of data to cause impairment and the unauthorized modification of restricted data. In order to execute the cryptomining operation without being detected, the contractor would have had to adjust security settings, rendering the entire network he was using more vulnerable than it otherwise would have been. If convicted, the alleged cryptominer could receive up to 12 years in prison.