
Malware in South Korea makes use of stolen user IDs

CyberArk Software : 27 March, 2013  (Technical Article)
Cyber-Ark comments on privileged account vulnerabilities as exploited in South Korean data-wiping malware attack

Last week, researchers discovered data-wiping malware spreading across South Korea that was aimed at wiping PCs, especially in major banks and TV stations. Reports initially suggested that North Korea or China had launched the cyberattack; however, speculation has now turned to the US and Europe. The latest theory is that administrator, or privileged, login credentials were stolen from South Korean security firm AhnLab as part of a widespread targeted attack.

Regarding this, Matt Middleton-Leal, UK & Ireland regional director, Cyber-Ark, made the following comments:

“The data wiping malware that hit South Korean TV stations and banks is the latest example of the pervasiveness of privileged account vulnerabilities and showcases why these high value accounts are continually under attack by cyber-criminals around the world. According to a recent report, the serious attacks carried out on South Korea were precipitated by hackers obtaining an 'administrator login to a security vendor’s patch management server via a targeted attack.' The attackers then apparently created malware that resembled a normal software update, tricking unsuspecting organisations into infecting their systems with this fake update.
 
“Privileged accounts have typically only been thought of as the powerful IT administrator or super-user accounts.  This old notion ignores the reality that the use of privileged accounts has expanded significantly throughout the enterprise.  Privileged accounts include default and hardcoded passwords, application backdoors, and more.  These accounts exist everywhere – in servers, network devices, applications and elsewhere.  And in this case, in security patch management systems designed to help organisations stay secure and updated with the latest patches.

“Organisations need to expand their view of privileged accounts and start to proactively secure them by first identifying every one of these powerful accounts in their organisation.  Cyber-attackers know these weak spots exist and will do anything to gain access to these accounts.  We need to assume that the attackers are already on the inside and cut off the paths they travel so they can’t traverse our networks, steal information or plant logic bombs such as this.”
