Page 24 - ARUBA TODAY

A24    TECHNOLOGY
                     Thursday 31 May 2018
            U.S. says North Korea behind malware attacks





By DEB RIECHMANN

WASHINGTON (AP) — The Trump administration issued a fresh warning Tuesday about malicious North Korean cyber activity, as that nation's leader dispatched a top adviser to New York to prepare for a possible summit on its nuclear arsenal.

The technical alert from the FBI and the Department of Homeland Security highlighted two pieces of malware said to have been used to target U.S. infrastructure and aerospace, financial and media companies for at least nine years to steal information and remotely manipulate networks.

In recent years, the United States has accused North Korea of launching a slew of cyberattacks, and it wasn't immediately clear if there was any significance to the timing of the latest warning, which came as President Donald Trump is eying nuclear talks with leader Kim Jong Un.

In preparation for the summit, Kim Yong Chol, a former four-star army general and military intelligence chief, is set to meet in New York with Secretary of State Mike Pompeo — a rare visit to the U.S. by a high-level North Korean official. Kim Yong Chol is suspected to have been behind a 2014 hack of Sony Pictures Entertainment over the movie "The Interview," a satire about a plot to assassinate the North Korean leader.

The alert described two pieces of malware: a remote access tool known as Joanap and a server message block worm commonly known as Brambul. The malware is reportedly being used as part of the North Korean government's cyber activities, called "Hidden Cobra."

"FBI has high confidence that Hidden Cobra actors are using IP (internet protocol) addresses to maintain a presence on victims' networks and enable network exploitation," the alert said. "Hidden Cobra actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States, including the media, aerospace, financial and critical infrastructure sectors."

The U.S. government has identified more than 85 compromised networks. The addresses are being distributed along with suggested remediation actions. Officials urged private-sector firms to immediately report any activity associated with the malware to the Department of Homeland Security National Cybersecurity and Communications Integration Center or the FBI Cyber Watch.

Photo caption: In this Feb. 27, 2018, file photo, Kim Yong Chol, center, a vice chairman of North Korea's ruling Workers' Party Central Committee, leaves to return to North Korea, at a hotel in Seoul, South Korea. (Associated Press)


            Q&A: Should you reboot your router like the FBI says?




By The Associated Press

Last week, the FBI recommended rebooting home and small office routers that could have been infected with disruptive malware, allegedly by sophisticated state-backed Russian hackers. An estimated half million routers and network-attached storage devices have been infected.

But even the FBI acknowledges this step will only "temporarily disrupt" the malware. Here are some questions and answers about the situation:

Q: How can I tell if my router is infected?

A: Short answer: You probably can't. Routers aren't very consumer-friendly, and most people lack the ability to get deep enough inside the device to tell if it's infected.

Q: If my router was infected and I reboot, is it safe?

A: No. Turning an infected router off and on again only removes some of the malware — such as elements that could snoop on your internet activity or even overwrite the basic code on your router, thus "bricking" it (that is, turning it into an inoperable brick). The core infection persists on reboot and there's no simple way to delete it.

The good news is that last week, the FBI seized the command-and-control server that sends instructions to the infected routers, disrupting the zombie network that could be used to mount a crippling internet-based attack. The bad news is that the persistent malware is in listening mode, awaiting instructions. "So all the cards are still on the table," said Craig Williams of Cisco's Talos cyberthreat intelligence team, which identified the operation it calls VPNFilter.

Q: Why can't I completely remove the malware from my router?

A: For starters, routers are difficult for ordinary users to fiddle with. They have publicly known vulnerabilities that aren't easy for average users to patch and typically aren't equipped with anti-virus software packages or intrusion protection systems. That said, if you can update your router's "firmware" to the latest version — something you can often do via the router's phone app or web interface — you should. It may not fix the problem, but it won't hurt and may help.

Q: Which devices are affected and where can I learn more?

A: Cisco identified these companies as makers of affected devices: Linksys, Mikrotik, Netgear, TP-Link and QNAP. It said most of the infected routers are in Ukraine. You can find more details from Talos and the United States Computer Emergency Readiness Team. The FBI says it has nothing new to report beyond the announcement it put out Friday.

Photo caption: This July 27, 2008, file photo shows an LED-illuminated wireless router in Philadelphia. (Associated Press)