South Korean Organisations Under Cyber Attack

Yesterday, it was reported that a suspected cyber attack had paralysed computer networks at three broadcasting organisations and two banks in South Korea. The organisations’ networks had been “partially or entirely crippled”, with some banking services including ATM machines also affected.

The cause of the problems remains unknown, and South Korean authorities are “now trying to determine the cause of the network paralysis”. While no government-related computer networks had been affected, officials stated it was not yet known whether North Korea was involved, but “We do not rule out the possibility of North Korea being involved,” said South Korean Defence Ministry spokesman Kim Min-seok.

South Korea is one of the world’s most technically aware societies and is often described as ‘The World’s Most Wired’ country. As such, it is especially critical for its organisations to have a deep understanding of their own IT systems, so that their networks are not only adequately protected but, should they be attacked – which seems inevitable in today’s era of cyber attacks – any potential damage is effectively minimised in real time and evidence of the attack is correctly monitored.

The cause of yesterday’s network problems is still unclear, but whatever it was managed to infiltrate systems to the point of “crippling” them – indicating that these organisations didn’t have the visibility required to effectively monitor IT systems and identify and remediate any anomalous IT network behaviour in real time.

Organisations need to be continually monitoring all of the log data generated by all of their IT assets in real time – which is where evidence of all IT network activity lies – to detect and respond to suspicious or unauthorised behaviour the instant it takes place. Not only does this log data help firms identify hacks before any lasting damage can be done, it also provides vital forensic evidence about how and why these attacks happened in the first place.

The other serious issue is that there remains an enormous amount of uncertainty surrounding the origins of the attack. Without confirmation of the source of cyber attacks, inaccurate finger-pointing can and often does occur – and given the current diplomatic tensions between South and North Korea, this can lead to unwanted military involvement.

As such, further forensic analysis of the breach is required – but this cannot be achieved with traditional point security solutions, such as anti-virus or firewall tools. A holistic IT security strategy focusing on the continuous monitoring of IT networks provides the network visibility and intelligent insight needed for such deep forensic analysis. Only with this deep level of network visibility can organisations ensure cyber attacks are effectively mitigated and accurately attributed to the correct perpetrators.

Ross Brewer brings over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec’s New Zealand Operations.

  • Wieland Alge

    Investigations into suspected cyber-attacks on broadcasters and banks in South Korea reflect the realisation that cyber attacks are becoming more and more frequent. The gangs behind them are improving their exploitation tactics greatly, whether to display pop-up advertisements, install spyware to spy on users’ Web browsing habits or insert Trojans.

    Any critical infrastructures are in constant danger of being targeted too. Private and publicly owned businesses alike need to have a clear and immediate understanding of the threat situation in order to develop countermeasures to protect themselves from falling prey to the same kind of attack.

    In order to help address this, precautions must be taken at all levels to prevent the crime happening in the first place. A good place to start is by ensuring effective perimeter defences such as firewalls and strong security policies are in place to start with. Cybercriminals are stepping up their game and so should we.

    Wieland Alge, VP and General Manager EMEA at Barracuda Networks.