Cyberattackers Brewed Special Malware Cocktail for South Korea

Cybersecurity news had a distinctive international flavor last week.

In South Korea, a cyberattack from unknown sources disrupted portions of the nation’s banking and broadcast industries.

During the attacks, a North Korean Human Rights website based in Washington, D.C. was also defaced.

Because of bellicose actions by North Korea in recent weeks, fingers began pointing at that rogue state. Investigators later traced the attack to a Chinese IP address.

Security researchers analyzing the attack found the Windows malware used was actually a cocktail that included a component to wipe data from Linux machines. It’s very unusual to see malware that attacks multiple operating systems, security software maker Symantec noted in a blog post.

Taiwan: China Targeting Our Infrastructure

While South Korea was under cyberattack, Taiwan started waving a red flag about attacks by Chinese hackers on its computer systems.

Appearing before a legislative committee on the island republic, the director general of Taiwan’s National Security Bureau reportedly said that China has been stepping up its online aggression, moving from stealing information to exploring ways to destroy the country’s infrastructure.

European Developments

Two significant reports regarding cybercrime and cyberwar in Europe were released last week.

Europol, in the most detailed study of its kind yet by the continent’s law enforcement community, identified 3,600 organized crime groups active in the European Union and detailed how the Internet contributed to their operations.

“The advantages of technology are great on the one hand, but we also have to keep in mind that bad guys use it as well or better than good guys,” Steve Durbin, global vice president for the Information Security Forum, told TechNewsWorld.

Organized online gangsters have another advantage over law enforcement, he added.

“The bad guys don’t suffer from budget control,” he said. “If they need more money, they just steal it.”

On the cyberwarfare front, a group of 20 experts enlisted by NATO to work on the connections between international law and online warfare released a document detailing the result of their labors.

Among the findings in the Tallinn Manual on the International Law Applicable to Cyber Warfare is that in some circumstances, deadly force can be legally used against organized hackers.

Microsoft Probe

Microsoft, too, found itself involved in international intrigue last week. It is reportedly being investigated by the U.S. Justice Department and Securities and Exchange Commission for alleged kickbacks by its agents in China, Italy and Romania.

Neither Microsoft nor any other company needs to resort to corrupt practices to get business done in China, according to Dan Harris, a partner with Harris & Moure, which sponsors the China Law blog.

“As a lawyer, we’ve done hundreds of registrations in China — trademarks, copyrights, licensing agreements. We have never been hit up for a bribe,” he told TechNewsWorld.

Screen Lock Flaws

A news development outside the international realm involved the continuing efforts by Samsung and Apple to work out bugs in the lock screens on their mobile phones.

Apple pushed out an update to its mobile operating system to address a bug that allowed the lock screen to be circumvented by exploiting the emergency call feature of its phones.

No sooner had the update been released than another bug was uncovered that allowed the same kind of exploit, although this one was limited to the iPhone 4.

Meanwhile, similar lock screen problems were discovered with Samsung’s version of Android.

“This bug just lowers the bar to a level where a petty thief or inquisitive roommate or lover can get at all the stuff on your phone,” Andrew Conway, a threat researcher with Cloudmark, told TechNewsWorld.

One reason problems keep showing up in these operating systems is that the development cycles for the products are taking on an insane pace, according to Andrzej Kawalec, global chief technology officer for HP Enterprise Security Services.

“Application development life cycles keep getting shorter and developers aren’t motivated to deliver secure code,” he told TechNewsWorld. “They’re being motivated to deliver applications as fast as possible. Every time you accelerate or invent a new process, you introduce vulnerabilities.”

Breach Diary

  • Mar. 18. Cisco reveals that the password encryption algorithm in the most recent version of its operating system is weaker than the one it replaced.
  • Mar. 19. Bill clears Senate committee in South Carolina that would provide credit protection for 10 years for victims affected by last fall’s data breach at the state tax department that compromised personal information of some 6.3 million taxpayers, businesses and children.
  • Mar. 19. Microsoft reveals that several high-profile Xbox Live accounts of former and current company employees were compromised.
  • Mar. 19. Norwegian telecom provider Telenor reports cyberespionage attack results in theft of a “sizable” cache of files and emails from its executives. Details of what was stolen were not reported by the company.
  • Mar. 20. Matthew Keys, the Reuters editor charged with leaking user names and passwords to the hacker collective Anonymous, which used them to breach the systems of The Los Angeles Times, denies the charges on Facebook.
  • Mar. 21. Team Shatter releases its annual Data Breach Madness winners for 2012. At the top of the list was the University of Nebraska (654,000 records compromised in a single breach), the University of North Carolina (350,000), Arizona State University (300,000) and Northwest Florida State College (279,000). The top three 2012 breaches also made the top 10 of all time.

Upcoming Security Events

  • Mar. 27. Detecting and Defending Against Targeted Cyber Attacks. 1 p.m. ET. Webinar sponsored by Verdasys and HBGary. Free.
  • March 28. Trends in Government Security – Risk Management, Compliance and Technology. 1 p.m. Webinar. Free.
  • Apr. 9. Mobile Devices and Identity and Access Control Applications. Sands Expo & Convention Center, Las Vegas, Nev. Sponsored by Smart Card Alliance. Registration: US$470-$590.
  • Apr. 23-24. Black Hat Embedded Security Summit. McEnery Convention Center in San Jose, Calif. Registration: Before Feb. 9, $999; Feb. 9-Apr. 18, $1,099; Apr. 19-25, $1,199.
  • Apr. 23-25. Infosecurity Europe. Earls Court, London, UK. Registration: By Apr. 19, free; After Apr. 19, Pounds 20.
  • May 15-16. NFC Solutions Summit. Hyatt Regency San Francisco Airport. Registration $760-$1,020.
  • Jun. 11. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. ET. Newseum, Washington, D.C. Registration for Non-government attendees: Before March 3, $395; Mar. 3-Jun. 10, $495; Onsite, $595.
  • Jul. 24. Cyber Security Brainstorm. 8 a.m.-2:30 p.m. Newseum, Washington, D.C. Registration: government, free; non-government $395, before April 10; $495, April 10-July 23; $595 July 24.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
