[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] 'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets
By Kelly Jackson Higgins
March 20, 2013
A wave of cyberattacks that targeted South Korean banks and media networks
today employed destructive malware that wiped the hard drives and attached
drives of infected machines, crippling the organizations for hours as data was
lost and the infected machines were unable to reboot.
Details of the attacks are still coming to light, but security experts have
gotten a close-up look at the malware that was used in the attacks. One theory
being studied by Symantec and other security firms is whether the malware
initially was spread via drive-by attacks, specifically with a waterhole
strategy that infected websites that users at those organizations would
frequent, but Symantec says it has not confirmed that vector. Security firm
Avast, meanwhile, suggests that the attack originated from a legitimate Korean
website, Korea Software Property Right Council (SPC), that housed the malware.
Reports came out of South Korea today that computer screens went blank at 2
p.m. local time/5:00 a.m. GMT. The machines were defaced with a message from
"The WhoIs Team" warning that the attackers had all of the victims' user
accounts and data -- and that they had deleted the data. "We'll be back soon,"
the messages also said. Television media outlets YTN, MBC, and KBS were
targeted, as were two major banks, Shinhan Bank and NongHyup Bank, according to
Reuters. Other reports said Korean ISP LG U+, which provides services to some
of the victims, also was breached in the attacks.
South Korean military and government networks weren't infected, but the Korean
army raised its alert level amid worries that North Korea was behind the
attacks given the escalating tensions between the nations. North Korea several
days ago claimed that South Korea and the U.S. were behind attacks that knocked
several of its websites offline for close to two days -- all of that in the
wake of recent nuclear threats from North Korea, as well as drones and rocket
attack exercises conducted by North Korea.
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org