South Korean Cyber Attacks Used Patch Management IDs; Phishing Tactics
The aftermath of a major cyber-security breach can be confusing: When initial reports surfaced that the networks of many banks and TV stations in South Korea went down due to malware, government officials pointed fingers at China, while bloggers whispered about North Korea.
Then, after the Korea Communications Commission had time to process the events, it concluded that the attack came from an IP address at a South Korean bank, though it could have originally come from another country.
But shortly thereafter, analysts reported that the malware originated from the servers of Korean security software company AhnLab. AhnLab refuted those claims, saying that hackers didn't launch their attacks from AhnLab directly, or exploit an AhnLab security hole, but somehow stole user IDs and passwords to access patch management system software from AhnLab running on individual client machines.
"The credentials were used to gain access to individual patch management systems located on the affected networks," according to an AhnLab Security Emergency Response Center statement. "Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and software updates."
More than 32,000 Windows, Linux and Unix servers were affected by malware that overwrites master boot record data, then reboots and wipes the machine. Some machines were infected by a standard e-mail attachment phishing campaign, according to Trend Micro, but others were infiltrated via SSH clients and RAR archives, according to F-Secure researchers. Symantec said it found four different types of remote-wiping bugs.
Rachel Rosmarin's technology reporting experience goes back a decade to the dawn of Wi-Fi, smartphones and the MP3. She has an in-depth knowledge of consumer electronics and has cultivated her love of useful new toys and innovative social software at publications including Tom's Guide, Forbes, Business 2.0, Sound & Vision and Mobile Magazine. She holds degrees in Journalism and Science in Human Culture from Northwestern University and is based in Los Angeles.