By MANJEET GILL email@example.com
PETALING JAYA: Security intelligence solutions and service provider Trend Micro Inc claimed that customers who used its security products were able to thwart the cyberattacks that crippled several banks and TV stations in South Korea last Wednesday.
In the March 20 cyberattack, network servers of television broadcasters (YTN, MBC and KBS), Shinhan Bank and NongHyup were hit. A Reuters report, citing South Korea Internet Security Agency figures, said that about 32,000 computers were affected.
At that time, it was thought that the attack originated from China. However, according to a Reuters report on Friday, the IP address of the attacker has been traced to one of the affected banks in South Korea.
In its press release, Trend Micro said the malware attack began with the delivery of a spear phishing e-mail spoofed to look like a credit card history for the month of March.
The malware, which was attached to the phishing e-mail, was programmed to remain dormant and activate only on March 20, when it brought the systems down and overwrote the Master Boot Record (MBR).
The attackers had targeted for destruction not only systems running Microsoft Windows but also those running Linux, IBM AIX, Oracle Solaris and Hewlett-Packard HP-UX versions of UNIX, according to Trend Micro.
However, Trend Micro’s Deep Discovery detection and custom sandbox analysis were able to detect the spear phishing e-mail, identify the malware and discover the external command-and-control sites that the attackers used.
This enabled its customers to remedy and block all malicious communications, it claimed.
In its blog, Trend Micro said it saw the first indications of this attack on March 19, when South Korean organisations received a spam message that contained a malicious attachment, supposedly monthly credit billing information.
The message, which appeared as if it originated from a bank, contained an attachment which downloaded nine files from several different URLs. To hide the malicious routines, it presented a fake website.
It was at this stage that the company’s Deep Discovery was able to protect its customers by heuristically detecting the malicious attachment via ATSE (Advanced Threats Scan Engine), it claimed.
Trend Micro said that its Deep Discovery then executed the attachment in a sandbox and blocked the URLs.
Go to bit.ly/14a0C9Q for more details.