SAN FRANCISCO, CA--(Marketwire - Mar 22, 2013) - The AhnLab Security Emergency Response Center (ASEC) and US headquarters of South Korea-based AhnLab (www.ahnlab.com) today commented on a large series of cyberattacks that targeted banks and broadcasters in South Korea. AhnLab confirmed that attackers used stolen user IDs and passwords to launch some of the attacks. The credentials were used to gain access to individual patch management systems located on the affected networks. Once the attackers had access to the patch management system they used it to distribute the malware much like the system distributes new software and software updates. Contrary to early reports, no security hole in any AhnLab server or product was used by the attackers to deliver the malicious code.
Analyzed by ASEC, the malware used in this latest attack can be detected in real-time and deleted with the multi-dimensional protection technology used in AhnLab's Malware Detection System (MDS) appliance. According to Brian Laing, vice president of marketing and business development, organizations with AhnLab MDS deployed were automatically protected against this latest discovery. "This attack highlights the rapidly evolving threat landscape that changes by the minute with attacks becoming more targeted, sophisticated and capable of evading traditional security solutions," said Laing.
More than 32,000 servers managed by broadcasters and banks in South Korea were attacked yesterday in what experts are calling one of the largest multiple-targeted cyberattacks in South Korea history. The shutdowns affected Shinhan Bank, Nonghyup Bank, Munhwa Broadcasting Corp., YTN and Korea Broadcasting System. The malware code for the attack was likely developed by Chinese sources and used by hackers from North Korea, according to Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University in a statement to BusinessWeek Magazine. The malware code targeted organizations' servers and destroyed the systems' ability to boot.
For a detailed technical explanation of the attack and how ASEC and AhnLab MDS detected and deleted the threat, see this webpage: http://asec.ahnlab.com/926 (details in Korean).
AhnLab's network security product, the AhnLab Malware Defense System (MDS) appliance, offers comprehensive threat protection, rapid malware recognition and remediation, and stops malicious network traffic and dynamic disruption of active security breaches in an instant. AhnLab MDS secures endpoints, servers, networks, and cloud resources with a single architecture and an integrated management platform.
Learn more today by contacting your AhnLab partner or local AhnLab sales representative, or by visiting: http://www.ahnlab.com.