List:       isn
Subject:    [ISN] 'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-03-21 5:11:50
Message-ID: alpine.DEB.2.02.1303210011350.18858 () infosecnews ! org

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240151292/loud-data-annihilation-cyberattacks-hit-south-korean-banks-media-outlets.html

By Kelly Jackson Higgins
Dark Reading
March 20, 2013

A wave of cyberattacks that targeted South Korean banks and media networks 
today employed destructive malware that wiped the hard drives and attached 
drives of infected machines, crippling the organizations for hours as data was 
lost and the infected machines were unable to reboot.

Details of the attacks are still coming to light, but security experts have 
gotten a close-up look at the malware that was used in the attacks. One theory 
being studied by Symantec and other security firms is whether the malware 
initially was spread via drive-by attacks, specifically with a waterhole 
strategy that infected websites that users at those organizations would 
frequent, but Symantec says it has not confirmed that vector. Security firm 
Avast, meanwhile, suggests that the attack originated from a legitimate Korean 
website, Korea Software Property Right Council (SPC), that housed the malware.

Reports came out of South Korea today that computer screens went blank at 2 
p.m. local time/5:00 a.m. GMT. The machines were defaced with a message from 
"The WhoIs Team" warning that the attackers had all of the victims' user 
accounts and data -- and that they had deleted the data. "We'll be back soon," 
the messages also said. Television media outlets YTN, MBC, and KBS were 
targeted, as were two major banks, Shinhan Bank and NongHyup Bank, according to 
Reuters. Other reports said Korean ISP LG U+, which provides services to some 
of the victims, also was breached in the attacks.

South Korean military and government networks weren't infected, but the Korean 
army raised its alert level amid worries that North Korea was behind the 
attacks given the escalating tensions between the nations. North Korea several 
days ago claimed that South Korea and the U.S. were behind attacks that knocked 
several of its websites offline for close to two days -- all of that in the 
wake of recent nuclear threats from North Korea, as well as drones and rocket 
attack exercises conducted by North Korea.

[...]

