LONDON, UK: The AhnLab Security Emergency Response Center (ASEC) and US headquarters of South Korea-based AhnLab today confirmed a large series of cyber attacks that targeted banks and broadcasters in South Korea. AhnLab said that attackers used stolen user IDs and passwords to launch some of the attacks. The credentials were used to gain access to individual patch management systems located on the affected networks. Once the attackers had access to the patch management system, they used it to distribute the malware, much like the system distributes new software and software updates. Contrary to early reports, no security hole in any AhnLab server or product was used by the attackers to deliver the malicious code.
Analysed by ASEC, the malware used in this latest attack can be detected in real-time and deleted with the multi-dimensional protection technology used in AhnLab’s Malware Detection System (MDS) appliance. According to Brian Laing, vice president of marketing and business development, organisations with AhnLab MDS deployed were automatically protected against this latest discovery.
“This attack highlights the rapidly evolving threat landscape that changes by the minute with attacks becoming more targeted, sophisticated and capable of evading traditional security solutions,” said Laing.
More than 32,000 servers managed by broadcasters and banks in South Korea were attacked yesterday in what experts are calling one of the largest multiple-targeted cyberattacks in South Korea's history. The shutdowns affected Shinhan Bank, Nonghyup Bank, Munhwa Broadcasting Corp., YTN and Korea Broadcasting System. The malware code for the attack was likely developed by Chinese sources and used by hackers from North Korea, according to Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University, in a statement to BusinessWeek Magazine. The malware code targeted organisations’ servers and destroyed the systems’ ability to boot.