Trend Micro has reported that the South Korean government and media agencies have been attacked by cybercriminals on the day of Korean War anniversary incurring damage to the Presidential office – Cheong WaDae’s web site as well as to the office of Government Policy Coordination. The defaced website showed message that read “Great leader Kim Jong-un” – North Korea’s top Leader. The unidentified attacker claims to be part of the hacktivist group.
Website defacement is only the tip of the iceberg; personal identifiable information of the members of the military and government, including the Presidential Office, and the ruling Saenuri party has also been cyber-attacked.
Sharda Tickoo, Product Marketing Manager, Trend Micro India, said, The cyber-attack involves the compromise of the auto-update mechanism related to the legitimate installer file SimDisk.exe. The incident shows that users need to be vigilant about the security of the auto-update mechanism of the vendors they choose to trust. Software vendors are also required to prioritize safeguarding product servers and the overall security of their network using products, considering the impact that a compromise in this area has on their software’s users.
According to Trend Labs, the attacker took an unprecedented approach in compromising a cloud storage provider to harvest a large number of botnet in a short period of time. By compromising the server which hosted the client installation programme (SIMDisk Installer EXE), and its update server, a significant number of PCs are compromised when the cloud storage client programme automatically updates.
To prevent such an attack, Trend Micro suggests organizations to ensure that their critical systems are secured immediately and monitored for unauthorized changes.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.