Cyber criminals attacked South Korean government and media agencies on its war anniversary, according to Trend Micro.
The global security company said the attackers compromised a cloud storage provider to harvest a large number of botnets in a short time.
The attackers, which claim to be part of the hacktivist group Anonymous, defaced the Presidential Office – Cheong Wa Dae’s website, and also affected the office of Government Policy Coordination.
Trend Micro points out that this attack successfully compromised personal identifiable information of the members of the military and government.
The server which hosted the client installation program and its update server was also compromised. These kinds of attacks are very dangerous as several PCs are compromised when the cloud storage client program is automatically updated.
Difficult to avoid attacks
The web world has become huge and these kinds of cyber attacks cannot be avoided. We can expect more of such attacks in future and Trend Micro advises application/service providers to take concrete steps to secure their infrastructure update.
In order to prevent attacks that compromise auto-update mechanism servers, organisations should immediately patch their critical systems. In addition, these systems should also be monitored for unauthorised changes.
All these goals can be achieved by leveraging Trend Micro’s Deep Security virtual patching and file integrity monitoring capabilities. The company claims these capabilities can shield critical systems before patches are applied.
Trend Micro also advises organisations to monitor network traffic for Command & Control (C&C) communication and use sandbox technology to detect customised malware.
End-users should only install programs from trusted vendor and be cautious of freeware.
Sign up for Computerworld eNewsletters.