Trend Micro customers shielded from cyberattack in South Korea


By MANJEET GILL bytz@thestar.com.my

PETALING JAYA: Security intelligence solutions and service provider Trend Micro Inc claimed customers that used its security products were able to thwart cyberattacks that crippled several banks and TV stations in South Korea last Wednesday.

In the March 20 cyberattack, network servers of television broadcasters (YTN, MBC and KBS), Shinhan Bank and NongHyup were hit. A Reuters report, citing South Korea Internet Security Agency figures, said that about 32,000 computers were affected.

At that time it was thought that the attack originated from China. However, according to a Reuters report on Friday, the IP address of the attacker has been traced to one of the affected banks in South Korea.

In its press release, Trend Micro said the malware attack began with the delivery of a spear phishing e-mail spoofed to look like a credit card history for the month of March.

The malware, which was attached to the phishing e-mail, was programmed to remain dormant and activate only on March 20, when it brought the systems down and overwrote the Master Boot Record (MBR).

The attackers had targeted for destruction not only systems running Microsoft Windows but also those running Linux, IBM AIX, Oracle Solaris and Hewlett-Packard HP-UX versions of UNIX, according to Trend Micro.

However, Trend Micro’s Deep Discovery detection and custom sandbox analysis were able to detect the spear phishing e-mail, identify the malware and discover the external command-and-control sites that the attackers used.

This enabled its customers to remedy and block all malicious communications, it claimed.

In its blog, Trend Micro said it saw the first indications of this attack on March 19, when South Korean organisations received a spam message that contained a malicious attachment, including supposed monthly credit billing information.

The message, which appeared as if it originated from a bank, contained an attachment which downloaded nine files from several different URLs. To hide the malicious routines, it presented a fake website.

It was at this stage that the company’s Deep Discovery was able to protect its customers by heuristically detecting the malicious attachment via ATSE (Advanced Threats Scan Engine), it claimed.

Trend Micro said that its Deep Discovery then executed the attachment in a sandbox and blocked the URLs.

Go to bit.ly/14a0C9Q for more details.
