South Korea cyberattacks hold lessons for U.S.
It's not the source of an attack that matters, it's how well you are prepared for it
Computerworld - U.S. companies and government agencies can learn from the large-scale disruptions that have simultaneously hit several banks and media outlets in South Korea in the last 24 hours.
Early analyses by security firms suggest that the attacks were carried out using previously known vulnerabilities and exploits.
So while considerable attention is being paid to whether or not North Korea is behind the targeted attacks, the real lesson is that organizations have to address the vulnerabilities that leave them exposed, security analysts said.
"It really doesn't matter if the attacker is a nation-state or a cybercriminal or a hacktivist or a bored teenage kid," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "You have to make sure you are at least at the due-diligence level for the well-known critical security controls. If you close the well-known vulnerabilities, you can stop any attacker using those techniques."
At least three broadcast networks and four major banks in South Korea reported moderate to severe disruptions earlier today.
A report in the New York Times quoted South Korea's Financial Services Commission as saying that two banks, NongHyup and Jeju, were temporarily paralyzed after several computers were infected with a virus that deleted data from their systems.
Services at Shinhan Bank, South Korea's fourth-largest financial institution, were also disrupted, while a fourth financial services firm said it was hit but suffered no damage.
Meanwhile an official from South Korea's Communication Commission told the Voice of America (VoA) that the disruptions at the media operations appear to have been caused by a virus that was distributed as a software update by a patch management system. The virus basically destroyed the master boot record (MBR) on computer hard drives, causing them to crash, according to the official quoted by the VoA.
In a blog post today, security firm Kaspersky said that its analysis indicated that attackers going by the handle "Whois Team" had used a previously known "Wiper"-style malware program to wipe data on infected computers. The malware is similar to last year's Shamoon malware, which was used to destroy more than 30,000 computers at Saudi oil giant Saudi Aramco.
Meanwhile, security firm Avast Software noted in a blog that its analysis of the attacks shows that they originated from a legitimate South Korean website belonging to the Korea Software Property Right Council (SPC). According to the company, the attackers appear to have exploited a previously known Internet Explorer vulnerability (CVE-2012-1889) to infiltrate computers at the affected banks.